this post was submitted on 28 Sep 2023
18 points (90.9% liked)

homelab

6651 readers
3 users here now

founded 4 years ago
MODERATORS
 

I installed opnsense on an i5-6500T (native, no vm) but it looks like the performance is very bad, most websites are timing out.

everything is turned off, there's no packet inspection or blocks, even the unbound dns server is not used (using a DC for that)

it's the computer that's underpowered, or i did some mistake in configuring it? Using two routers in the networks for my convenience

top 13 comments
sorted by: hot top controversial new old
[–] MangoPenguin@lemmy.blahaj.zone 6 points 1 year ago (1 children)

Are you running WAN and LAN on the same subnet connected to the same gateway?? That's going to cause all kinds of weird issues. You can change LAN to a unique subnet instead.

i5-6500T can handle way more than gigabit throughput.

[–] Moonrise2473@feddit.it 2 points 1 year ago (1 children)

yes in my inexperienced mind it seemed a great idea as it had a "failover" router

[–] MangoPenguin@lemmy.blahaj.zone 1 points 1 year ago* (last edited 1 year ago) (1 children)

You can still do the setup nearly the same, but you'll need to change the opnsense LAN to its own unique subnet, and put PC2 on that subnet with a manual IP setup.

Make sure you don't enable DHCP on opnsense too, since that will really interfere with the existing router.

The only real downside to this, is PC2 traffic to access PC1 or other devices on the main router, will have to go through opnsense and you'll need firewall rules for that.

[–] Moonrise2473@feddit.it 2 points 1 year ago

After you mentioned that I checked now and in opnsense DHCP leases they're all in wan and not in LAN

LOL what I mess I created...

[–] veroxii@aussie.zone 6 points 1 year ago (1 children)

Your diagram is weird. Isn't the opnsense box supposed to replace the router. Or at least it should be between the existing router and you clients. Pc 1 go to opnsense Lan. And opnsense wan to the router and internet.

You're creating all kinds of loops which is generally a bad idea. Your data should flow in 1 direction like a tree.

Unless there are a lot of details you're not sharing.

Also remember generally a router is not a switch. Plug all your PCs into a switch. Plug a wifi access point into the switch. And then have the switch go into the lan of your opnsense.

And then have the wan go out to the internet.

[–] Moonrise2473@feddit.it 0 points 1 year ago (1 children)

i had the idea that two gateways could work in the same network without issues... in my inexperience i tried it with three hosts on an hyperv virtual network and it worked.

my stupid idea it's like this:

  • main router 192.168.1.1
  • opnsense LAN connected to a switch on router LAN1 192.168.1.254
  • opnsense WAN 192.168.1.2 (still on the switch on the router LAN2)
  • pc1 static IP address 192.168.1.3 with main router as gateway and this works
  • PC2 DHCP assigned by opnsense in a pool from 192.168.1.50 to 192.168.1.100 with opnsense 192.168.1.254 as gateway

why i do this? To have a "temporary" setup where i slowly move all the static ip addresses to opnsense and in this way everything can have a valid configuration

[–] veroxii@aussie.zone 3 points 1 year ago

You can still do this but as others have said you need to have 2 separate lans. Your old Lan can go to PC 1 from old router. Then opnsense wan goes to your existing Lan and importantly you are now creating a new Lan on the lan side of opnsense. Here you can connect the PC 2 to test with. Each PC should only be on 1 Lan and each Lan should have a separate subnet.

See this post and the last comment even references a diagram to exactly what you want: https://forum.opnsense.org/index.php?topic=32774.0

There are all kinds of routing protocols and algorithms at play which don't like loops and multiple routers competing to control the same subnet.

[–] Whayle@kbin.social 4 points 1 year ago (1 children)

Two routers seems like a possible issue

Good point, a double NAT setup can cause weird issues.

[–] What_the_vent_meant@beehaw.org 3 points 1 year ago (1 children)

An i5-6500T doesn’t feel underpowered to me unless you’ve got IPS + IDS and/or OpenVPN running. Is anything firing off a bunch of errors in the logs?

[–] Moonrise2473@feddit.it 1 points 1 year ago

in the logs i have a lot of " Block private networks from WAN" - it might be that i misconfigured everything with LAN and WAN in the same subnet

[–] fxt_ryknow@lemmy.world 2 points 1 year ago (1 children)
[–] Moonrise2473@feddit.it 1 points 1 year ago

Unfortunately yes, my inexperience let me put two gateways on the same subnet

I need to rethink it