Please help me get connected to the internet

[Notconnected]

Hello once again, I am making no progress in regard to connecting my OPNsense
router/firewall to the internet.

I have tried to get my OPNsense box to connect to the internet via my hotspot
which is bridged to my mobile phone, and had no success at all.

I have also connected a USB to WiFi adapter to my phone and connected
the ethernet end of the adapter to the WAN port on my OPNsense box and
have failed to make an internet connection using this method either.

I can connect the hotspot which is bridged to my mobile directly to a
computer and that computer can access the internet.
I can also connect the USB to WiFi adapter to my computer via the ethernet
port and also rech out to the internet.

I truly have no idea why neither device when connected to my OPNsense
box's WAN port will not work.

There are so many settings under >Interfaces >WAN that I do not know where to
start filling in the required details, or even what details are reauired.

Could someone please help me get this to work.

I connected both my USB to WiFi adapter and my Hotspot to my switch
and both allowed the devices connected to the switch to access the
internet, but this is not good as they do not go through the OPNsense
router/firewall.
But even this approach seems to only work sometime, am pretty sure
I do not change the working settings and yet when I try another day
I often can not connect to the internet, not sure why.

I have no wired internet provider where I live, so am stuck with using
a mobile phone bridged to a hotspot which I can plug in via ethernet
cable to the WAN port on the OPNsense box, or similar setup using USB to WiFi adapter.
I attach the switch to the LAN port on the OPNsense box and the other
devices am trying to access the internt with to the WAN port, I assume
this is the correct approach, did I at least get this right.

Thanks in advance to anyone who is able to help.

 

[dave14305]

Linking the same thread at the OPNsense Forum.

Please help me get connected to the internet through my OPNsense router.

Please help me get connected to the internet through my OPNsense router.

forum.opnsense.org

 

[Notconnected]

Linking the same thread at the OPNsense Forum.

Please help me get connected to the internet through my OPNsense router.

Please help me get connected to the internet through my OPNsense router.

forum.opnsense.org

Yes, and still no answers. I could not follow the OPNsense video in regard to setting up the box, as I was just using my phones hotspot at that time, but now that I have the switch installed, and a few devices connected to the switch, and am able to ping them and transfeare files between them, I moved on to the matter of internet access for them, and so far nothing I tried has worked.
I found a few other videos, but they just say put an IP here, what IP, from what range, or is it the IP of another device such as my wired hotspot, nothing is clear as of yet.

 

[degrub]

Very basically, the router WAN IP address needs to be on the same LAN subnet the hotspot is providing to your devices when directly connected.
Then the router LAN devices need to be within the LAN DHCP range you set up in the router if using DHCP or have static addresses outside the same subnet used for the LAN.

 

[Tech9]

Yes, and still no answers.

You get no answers because with your basic networking knowledge helping you with OPNsense via text messages is like explaining Windows in sign language. As I told you before this is an entire OS with hundreds of settings in correct networking terms, different than user-friendly named settings in home routers. Many things you have to do manually, there is no one click presets like in home routers. I can only guess you don't get access to Internet because OPNsense (like pfSense) by default doesn't route private IP addresses on the WAN interface. You are perhaps in double NAT.

I also don't know why your access to Internet is on a cell phone. Virtually all mobile operators offer Internet access options for remote areas with 4G/5G gateways. It's a small separate device with SIM card inside and Ethernet ports. No need to use any USB-to-Ethernet dongles or cell phones. Most mobile operators provide the device for free with some service contract.

 

[Notconnected]

You get no answers because with your basic networking knowledge helping you with OPNsense via text messages is like explaining Windows in sign language. As I told you before this is an entire OS with hundreds of settings in correct networking terms, different than user-friendly named settings in home routers. Many things you have to do manually, there is no one click presets like in home routers. I can only guess you don't get access to Internet because OPNsense (like pfSense) by default doesn't route private IP addresses on the WAN interface. You are perhaps in double NAT.

I also don't know why your access to Internet is on a cell phone. Virtually all mobile operators offer Internet access options for remote areas with 4G/5G gateways. It's a small separate device with SIM card inside and Ethernet ports. No need to use any USB-to-Ethernet dongles or cell phones. Most mobile operators provide the device for free with some service contract.

Yes, I have no experience with networking, that is why I am asking for help.
I am now at the point where I can gain internet access with my phone connected
via a USB to RJ45 adapter that in turn is connected to my OPNsenses WAN port.
It is working well, I updated OPNsense four times and am now on the latest release,
all over this USB to WAN connection.
The USB to RJ45 adapter I use has the AX88179A chipset in it, if anyone eles
finds themselves in the position to requre such a set up.

I have one problem still, I see am not using the dns server I set up in unbound.
When I check using online tools am using my phones / service providers dns server,
even though I have all the correct info in the boxes in unbound. I see my dns probider in the traffic
reports, so not sure what is going on.
.Under the unbound dns setting page there is a place for a tick at the very top, I think it says use
system dns servers, but am not sure what this means, if it means use the servers I entered below
this line, or if it means use the servers one can set up using the wizzard during install, I have no
dns servers listed under System > Settings .> General / dns entries.
Any advise on this would be appreciated.

Thanks

 

[Notconnected]

You get no answers because with your basic networking knowledge helping you with OPNsense via text messages is like explaining Windows in sign language. As I told you before this is an entire OS with hundreds of settings in correct networking terms, different than user-friendly named settings in home routers. Many things you have to do manually, there is no one click presets like in home routers. I can only guess you don't get access to Internet because OPNsense (like pfSense) by default doesn't route private IP addresses on the WAN interface. You are perhaps in double NAT.

I also don't know why your access to Internet is on a cell phone. Virtually all mobile operators offer Internet access options for remote areas with 4G/5G gateways. It's a small separate device with SIM card inside and Ethernet ports. No need to use any USB-to-Ethernet dongles or cell phones. Most mobile operators provide the device for free with some service contract.

I ordered a phone line, , I asked during the orer process if the line would be able to handle internet
when I would research the best provider in my area and was told yes.
I ordered interent, a month later no box from the provider arrived,
I asked them why, and was old my line needed upgraded.

I cancelled my contract with the phone company as they would not upgrade it,
they said they made a mistake when they said it was fine for internet useage.
It quite clearly was not, it was an old line from when the property was built
40 years ago, they should have known fine well it was long overdue an upgrade.

So, am stuck with a mobile phone for internet, which is fine as am the only user
and have unlimitd data plan.

 

[Tech9]

I have one problem still, I see am not using the dns server I set up in unbound.

If you use Unbound as Resolver - DNS check tools will show your WAN IP address as DNS server. If you use Unbound as Forwarder - DNS check tools will show the upstream DNS server(s) you forward queries to.

Any advise on this would be appreciated.

You have to start reading the official OPNsense documentation. Go one chapter at a time and get yourself familiar with the basics. All you need to know about Unbound DNS and in great details is here:

Unbound DNS — OPNsense documentation

docs.opnsense.org

 

[Notconnected]

If you use Unbound as Resolver - DNS check tools will show your WAN IP address as DNS server. If you use Unbound as Forwarder - DNS check tools will show the upstream DNS server(s) you forward queries to.



You have to start reading the official OPNsense documentation. Go one chapter at a time and get yourself familiar with the basics. All you need to know about Unbound DNS and in great details is here:

Unbound DNS — OPNsense documentation

docs.opnsense.org

I will look into how unbound is working currently for me and make one change at a time so as not to break anything.
Reading would be ok if I could see properly, am old and my eyes hurt, they are never the same any two days in a row. I used to be a welder and could see a crak in a hair, not now, vaccines did this to me.
Anyway, I appreciate you 're help as I do everyone elses.
Thank you all kindly.

 

[Tech9]

There are tutorials and videos online on how to set OPNsense step-by-step. Perhaps will be easier for you. Just follow the instructions to get you going and then explore one option at a time in case you want to change something.

 

[CornfieldWin]

With all due respect, how you contract for your Internet service and the hardware used is entirely up to you. Internet service provided OTA (Over-The-AIR) is slower by orders of magnitude than by either fast cable or fibre. You do not have to go backwards just because software configuration has not been satisfactorily explained.

Your USB-WIFI-Ethernet arrangement is a bit confusing which likely comes form Opnsense lack of modern functioning WIFI drivers in FreeBSD, which frankly is highly annoying. So good on you if you found a way around it. Will assume as reported that you have confirmed it works with a standard OS computer to connect to the Internet. Realize that in Opnsense configuration of the LAN has two separate and very differently presented parts.

First, make sure the WAN ethernet port with your particular hardware arrangement plugged in and the LAN port are on different IP networks. Being on the same IP network will simply create a giant loop back network with no Internet connection even if everything else works on its own as reported. Network addresses are assigned by the console Interface Assignment prompts [1] or in the GUI Interfaces option with the drop down for each choice of Interface to configure [LAN in this case].

Second, realize that Merlin does a good job for reasons of simplicity of glancing over details that Opnsense reveals (as does OpenWRT but that's another story). "LAN" and "WAN" mean one port each, not the complex notions that Merlin uses to good effect for a home router. In Opnsense you deal with each interface individually. Each Interface face is assigned to a physical device (port) and configured in the same manner. The Opnsense console prompts the same way for every interface IP address assignment, although the appropriate answer for each Interface differs. In the GUI the pages have the same layout for each interface and the fields must be filled in according to the interface type. I never seen this clearly articulated because every insider already knows it is obvious to them since they have used it that way for a long time.

To get going, generally you tell the WAN to use the DHCP address that the ISP wants to assign to it. It can have a fixed address iff the ISP insists (which in your case is the hotspot where the real ISP may be further up the network, that detail is of no matter because you have already confirmed with second computer that the hotspot gives out good client addresses).

Next tell the LAN Interface Assignment prompt in the console or on the Interfaces page from the GUI main menu that the LAN must not use DHCP to get its own IP address. You must assign the LAN fixed address however you wish: it is 192.168.1.0/16 by default [I believe] in the console which is the same as 192.168.1.0/255.255.0.0. [I use 10.0.0.0/16 but that too is another story]. The console prompts are confusing until you realize that they mean the interface itself is or is not a DHCP client (No, the LAN is not). It does not mean that the LAN is giving out address for the LAN clients which is specified separately. Extra important: make sure the LAN IP address and the LAN Gateway address are correct which typically means that they are the same. A mistaken LAN Gateway address can defeat reaching the Internet even when everything else is good.

Next set up the LAN DHCP ranges which govern how the LAN (only) gives out IP addresses to its client hosts. Do so in the console Interface Assignment prompts (of necessity for initial set up to make the GUI available) or in the GUI Menu->Services->DNSMasq->DHCP Ranges fields after first selecting the LAN interface drop down value at the top of the page. Fill in the desired two addresses of the DHCP range but do not let the LAN IP address or fall within the range. Double check the LAN gateway field is good as mentioned. In Merlin, the LAN and DHCP set up has two tabs are on the same page. But in OPNsense GUI they are spread far apart with one part being in the Interfaces option and the other part deep down in the Services option because DHCP service is always optional on any Interface, even of the LAN Interface if so desired.

Now comes the big test. I would start with leaving Merlin untouched and plug the Opnsense LAN port cable into the Merlin's LAN port. Boom! Opsense is now the ISP. If that works, back up Opnsense, and for sure back up Merlin. Switch Merlin to AP mode (cross fingers) and do a hard reset to clear out any residual non-volatile configuration parameters that could cause grief now or later. After these two reboots your network should run tickety bool and Merlin's interface has lost all Router configurations options but still has the rest. Kind of ghostly at first encounter. Congrats, you are up and running! P.S. Be nice to Merlin, it can still do AIMesh for you and it runs your WIFI radios. Now you have the luxury of poking around the rather good online Opnsense documentation and oodles elsewhere from the luxury of your own functioning Opsense controlled network.

You get no answers because with your basic networking knowledge helping you with OPNsense via text messages is like explaining Windows in sign language. As I told you before this is an entire OS with hundreds of settings in correct networking terms, different than user-friendly named settings in home routers. Many things you have to do manually, there is no one click presets like in home routers. I can only guess you don't get access to Internet because OPNsense (like pfSense) by default doesn't route private IP addresses on the WAN interface. You are perhaps in double NAT.

I also don't know why your access to Internet is on a cell phone. Virtually all mobile operators offer Internet access options for remote areas with 4G/5G gateways. It's a small separate device with SIM card inside and Ethernet ports. No need to use any USB-to-Ethernet dongles or cell phones. Most mobile operators provide the device for free with some service contract.

 

[Tech9]

I would start with leaving Merlin untouched and plug the Opnsense LAN port cable into the Merlin's LAN port. Boom! Opsense is now the ISP.

Boom... wrong port. There is no "Merlin" in OP's setup. You are quite confused about WAN, LAN and DHCP.

 

[CornfieldWin]

My bad for that additional but redundant assumption but then as described it does work. It does directly address the OP question that had not been answered satisfactorily. It describes a separation of concerns between routing level functions and bridging functions in the hardware architecture which allows the routing to be altered independently of changing back end home routers and switches. Basically that's why Router mode and Access Point mode exist. Not a minor issue. Network management and security by policy is not a minor issue either. Also as no doubt aware, Opnsense makes about the worst WIFI server possible due to FreeBSD driver limitations stuck at 802.11N (Wifi 4) which means it would also be about the worst choice as the primary node in a stand alone mesh network. I think most Opensense implementations like most true routers, assume those functions live mainly in the back end of the network. The OP almost certainly would have anticipated something else do do those network functions and would need to connect to them as Access Points.

Also please clarify what claims are being made as to confusion and about the operation of the WAN, LAN, and DHCP. While you are at it, it would be gracious to show where description of the hardware configuration of the Opnsense server and the configuration instruction for Opnsense WAN and LAN are wrong - because frankly the objection to mentioning the Merlin backend is irrelevant to configuring Opnsense, no? It is not clear how viewing the Merlin GUI is off the mark by being seen as controlling a tightly configured and blended Level 3 router, Level 2 bridge(s), smart switch(s), and collection of Ethernet and radio interfaces, and Level 1 NICs, but always open to learning. We could also touch upon the meaning and function of MAC filters for security. Thank you for your attention.