Configure OPNsense without interfering with old router

anvoice

May 20, 2024
Hello, I have an N6005 box with 4 i226V NICs that I would like to use as a router. I set up Proxmox and an OPNsense virtual machine, but once I bring the VM online and configure OPNsense I'll have 2 DHCP servers on my network, which will lead to problems. I currently have the management network of Proxmox connected to an unmanaged switch (which is connected to the old router) so I can configure Proxmox from my existing network. I realize this might be very basic, but how do I prevent OPNsense from taking over from my old router until I am ready to make the switch?

As a small aside, the tutorials I was following to set this up usually assume another 10 gigabit connection to the switch for VLANs, and I only have 4 2.5GbE NICs. If anyone happens to know how one would modify the setup steps to account for this, I would be grateful to know.
I guess the "new" OPNsense is bare-metal? If your IP setup is identical on both firewalls you'll run into an IP conflict. To prevent this you can temporarily use a different LAN address/subnet for your new firewall and switch it back to the original one when your VM is not in use anymore. To access your bare-metal system from a client you'll have to add a (temporary) IP of the subnet to it. For example: your current network is 192.168.10.0/24, the new system is on 192.168.20.254. Your client has an IP like 192.168.10.100. Add 192.168.20.100 to your client as an additional IP with the appropriate netmask of 255.255.255.0.

Or you can temporarily "disconnect" the virtual NICs of your VM (this will immediately "cut off" your VM from the network). In that case your new firewall will be in charge of every aspect (DNS, DHCP, rules, etc.).

VLANs are an alternative but unmanaged switches can't handle this.

For VLANs in OPNsense you can bundle 2 unused ports of your 4 NICs to a LACP LAGG. Usually 1 port is used for WAN and another for LAN. 10G is not a must-have but nice-to-have. Besides that, your switch must support speeds >1G and VLANs.
 
Thanks for your reply!

The new router is the OPNsense virtual machine I have yet to set up. The old router is an older TP-Link model that I was hoping to replace once everything is stable. Apologies for the confusion. My guess is that I need some setting in Proxmox to allow me to temporarily prevent the new router from interfering with my system while still allowing me to configure it.

Also, a bit more info in order: I do have an 8-port 2.5GbE managed switch, it's just not used yet. I was planning on replacing the old unmanaged 1 gig switch with that.
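The two-DHCP-server situation raised in the question can be confirmed from the DHCPOFFER replies seen on the segment. This is an added example, not code from the thread: it parses raw DHCP payloads and lists every server that answered. The old router's address 192.168.10.1 is an assumption, and capturing the packets (for instance with tcpdump on UDP port 68) is left outside the block.

```python
import ipaddress
import struct

MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie (RFC 2131)

def parse_options(raw):
    """Walk the code/length/value option field; returns {code: bytes}."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:      # 255 = End option
        if raw[i] == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated option")
        length = raw[i + 1]
        opts[raw[i]] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def parse_offer(pkt):
    """Return (server_id, offered_ip) for a DHCPOFFER payload, else None."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return None                            # not a BOOTREPLY carrying DHCP
    opts = parse_options(pkt[240:])
    if opts.get(53) != b"\x02" or len(opts.get(54, b"")) != 4:
        return None                            # option 53 = 2 means OFFER
    return ipaddress.IPv4Address(opts[54]), ipaddress.IPv4Address(pkt[16:20])

def dhcp_servers(packets):
    """Map each answering server (option 54) to the addresses it offered."""
    seen = {}
    for pkt in packets:
        offer = parse_offer(pkt)
        if offer:
            seen.setdefault(offer[0], set()).add(offer[1])
    return seen

def build_offer(server, offered):
    """Constructed sample DHCPOFFER, used only to exercise the parser offline."""
    srv = ipaddress.IPv4Address(server).packed
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ipaddress.IPv4Address(offered).packed, srv,
                      bytes(4), bytes(16), bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, 2, 54, 4]) + srv + b"\xff"

# Constructed capture: old router (assumed 192.168.10.1) and the new firewall both answer.
SAMPLE = [build_offer("192.168.10.1", "192.168.10.100"),
          build_offer("192.168.20.254", "192.168.20.100")]
```

More than one key in the result of `dhcp_servers(SAMPLE)` means two servers are handing out leases on the same segment.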