
I'm trying to install an OPNSense router behind my ISP-provided combination-modem-gateway-and-router Pace 5268ac (which I would hope to convert to only operate as a modem). I've followed the instructions here to put the Pace into Bridge Mode, and they mostly worked - I'm able to connect to either of the routers (Pace or OPNSense) via LAN and use that connection to access the Internet, or (having re-enabled WiFi from my Pace router) I can also access the Internet using WiFi via the Pace router. However, I haven't been able to set up my Wireless AP (Unifi AP AC Pro) with the OPNSense router, so it's most convenient for now to be connected (via WiFi) to the Pace device.

However, I'm not able to access the OPNSense router while connected (only) to the Pace device. The OPNSense router shows up as connected in the Pace device's UI (with an IP address that matches my home's apparent public IP, according to ifconfig.io), and I can ping the OPNSense router on that public IP, but attempts to ssh to it hang indefinitely (I can ssh to it as expected when connected directly to the OPNSense router). As advised here, I've turned off "Block Private Networks" for WAN and LAN (which I believe would have blocked my connections), but the ssh attempt or web GUI still fails.

EDIT: While on the OPNSense router, I can load the web GUI for the Pace router - it's only the other way around (loading the web GUI for the OPNSense router while on the Pace router) that fails.

scubbo
  • Please list the firewall rule you've created for the SSH connection – JW0914 Apr 23 '22 at 11:57
  • I haven't created any Firewall rules. – scubbo Apr 24 '22 at 06:36
  • If I'm understanding your connection right _(WAN → Pace → LAN → OPNSense)_, a DNAT rule must be configured on the Pace router for the OPNSense SSH server _(don't expose `22` to WAN, instead use a high WAN port north of `40000` forwarded to the SSH port on the OPNSense - this assumes the OPNSense is connected to the Pace router via a LAN, not WAN, port)_. For the OPNSense WebUI, that sounds like you've connected the OPNSense WAN port to the Pace router, otherwise the WebUI would be accessible by navigating to the IP the Pace router has assigned the OPNSense router - if so, you're double NAT'd. – JW0914 Apr 24 '22 at 12:06
  • I don't know how to determine if you're understanding the connection right. The OPNSense has both a WAN and a LAN interface, but I suspect you're not talking about those. The Pace device is between the Internet and the OPNSense. The Internet is connected to the Pace's WAN port, and the OPNSense's WAN port is connected to one of the Pace's LAN ports – scubbo Apr 24 '22 at 19:30

0 Answers