I want to start looking to migrate several individual services I have, like DNS, DHCP and VPN into one package like OPNSense.
Currently I only have a machine with 1 lan port and it’s inside my network, but if I like the product and learn how to use it, I’ll migrate OPNSense to a dedicated machine that will be a proper router with 2 or more lan ports and put between the router and my network.
So, if I just wanted to use it for DNS, DHCP and VPN, is that possible?
Thank you.
EDIT: I am going to try and be a little more clear, because all of the replies I am getting are beating around the bush with hypothetical situations and “should nots” without actually answering the question.
All I want is a YES/NO answer. I’ll figure out the HOW later.
Inside an existing network and forget about the internet for a minute, on a minipc with 1 ethernet port, can opnsense be used as a DHCP, DNS and VPN server (I do not need any of the other features, like firewall)? YES/NO?
The services you listed SHOULD work even if OPNsense is behind the firewall. The only thing I’m not sure about is if OPNsense will even let you go forward with the install without separate LAN/WAN ports.
You’ll have to disable DNS/DHCP on whatever you use now and enable those services on OPNsense. Point DNS to OPNsense using DHCP. You shouldn’t have to do anything to get DHCP working other than disabling it on the existing machine.
As far as the VPN goes, this may be tricky. Tailscale is probably the easiest option. Otherwise, you’ll have to put a NAT rule in your public-facing firewall pointing the VPN port to your OPNsense machine. I’ve never done it this way, so I’m not sure you’ll get in trouble with double NAT. There are other platforms that run WireGuard internally, it’s pretty common in modern NASes, so you should be fine.
I am currently using Linksys wrt1900 that ran as a smart switch and an access point with Dell Wyse 5070 that has only 1 port. And it is working great… no need to buy a separate managed switch and an access point… too bad this group doesn’t support images or I would post pictures
Answer is YES, just as you could do it with any freebsd distro, but this one just happens to have those services built-in along with a nice webgui for config.
Configure the dhcp, dns and vpn on it with an internal ip address/subnet on the same lan network as on your existing router. Don’t configure those services on your existing router.
Instead, dhcp on the opnsense machine will answer dhcp broadcast requests. Configure dhcp on the opnsense to answer with gateway ip of the actual router on your network, and itself for the dns provider (assuming you enable/configure the opnsense dns resolver).
So therefore, dhcp would answer w/ your opnsense ip for dns, but your router’s ip for gateway. All these services don’t have to be the same machine nor do they need to be on your router.
vpn can work if you port forward whatever ports you need to the opnsense machine from your main router.
The trick is you need to make sure to add/configure your existing router’s internal ip address to opnsense’s gateway list. This way, the opnsense box will know how to get connectivity for itself.
And if you want to be extra slick, on the lan interface config page, you can enable it - the setting is called "IPv4 gateway rules" and it’s on the very bottom of the configuration page. This setting will turn opnsense itself into a router and route incoming packets to the gateway also (but not really necessary).
EDITED for some clarity.
EDITED AGAIN: Ouch downvoted into oblivion - how am I wrong? This topology is often found in enterprise environments. A layer 3 switch (say a cisco router) handles the routing, and all those other services can be provided by other appliances, and very often are not the same device and often only have 1 nic (esp if virtual).
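The DHCP layout described in the answer above (OPNsense answers the requests and hands out the existing router as gateway and itself as DNS) can be verified from the options of a captured DHCP offer, which also catches an old DHCP server that was never switched off. This is an added example, not part of the original thread; the addresses 192.168.1.1 (router) and 192.168.1.2 (OPNsense box), the function names and the option bytes are constructed assumptions.

```python
import ipaddress

# DHCP option codes from RFC 2132
PAD, ROUTER, DNS, SERVER_ID, END = 0, 3, 6, 54, 255

def parse_options(raw: bytes) -> dict:
    """Parse the TLV options field that follows the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != END:
        if raw[i] == PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        code, length = raw[i], raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = value
        i += 2 + length
    return opts

def addrs(value: bytes) -> list:
    """Decode a packed list of IPv4 addresses (4 bytes each); bad lengths raise ValueError."""
    return [str(ipaddress.IPv4Address(value[j:j + 4])) for j in range(0, len(value), 4)]

def check_offer(raw: bytes, router: str, opnsense: str) -> list:
    """Return the ways an offer deviates from the single-NIC layout."""
    opts, problems = parse_options(raw), []
    if addrs(opts.get(SERVER_ID, b"")) != [opnsense]:
        problems.append("offer not sent by the OPNsense box (old DHCP server still on?)")
    if addrs(opts.get(ROUTER, b"")) != [router]:
        problems.append("gateway is not the existing router")
    if addrs(opts.get(DNS, b"")) != [opnsense]:
        problems.append("DNS server is not the OPNsense box")
    return problems

def opt(code: int, ip: str) -> bytes:
    return bytes([code, 4]) + ipaddress.IPv4Address(ip).packed

# Constructed sample data: router 192.168.1.1, OPNsense 192.168.1.2 (assumed addresses)
ROUTER_IP, OPNSENSE_IP = "192.168.1.1", "192.168.1.2"
OFFER = b"\x35\x01\x02"            # option 53, message type 2 = DHCPOFFER
GOOD = OFFER + opt(SERVER_ID, OPNSENSE_IP) + opt(ROUTER, ROUTER_IP) + opt(DNS, OPNSENSE_IP) + b"\xff"
STALE = OFFER + opt(SERVER_ID, ROUTER_IP) + opt(ROUTER, ROUTER_IP) + opt(DNS, ROUTER_IP) + b"\xff"

if __name__ == "__main__":
    print(check_offer(GOOD, ROUTER_IP, OPNSENSE_IP), check_offer(STALE, ROUTER_IP, OPNSENSE_IP))
```

An offer like `STALE` means the router's own DHCP server is still answering, so clients may get either set of settings depending on which reply arrives first.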
I have one minipc with 1 lan port where I intend on installing opnsense for the 3 basic services I mentioned, to learn more on how to use opnsense while I save up for a Protectli Vault with 2 ports and all I wanna know is if opnsense can do “just dhcp, dns and vpn” or if I should look elsewhere.
I don’t care if it’s optimal. You don’t worry about me learning or not. No, I’m not gonna buy a second nic (have you even read my post, how exactly would I fit a nic inside a minipc anyways?)
Y’all just want to sound smart, talk about stuff I have not asked.
But has anyone actually answered the question? NO!!!
It’s a simple question for crying out loud. A yes/no answer question.
You’re gonna need to acquire a second lan port if you can’t get a managed switch. Check your parts box for other pcie cards or something. Maybe a USB network card. Obviously one that is supported within opnsense.
It can do all of that - with two ethernet ports. In your case, you will need to virtualize it because you only have one physical port and create two virtual NICs in the VM.