I have worked on getting OPNsense setup on a single nic for 2 good weeks and you just made it so so so easy. I just want to express my sincere gratitude to you for the life saving video tutorial. Keep up the good work.
I needed to install opnsense on my proxmox to assign static ip addresses to my machines (as my physical router refused to assign static IP addresses to more than 10 addresses) but all other tutorials were so daunting that i did not dare to try especially when they said that it is must that i have two physical network devices for my opnsense vm but after watching this video I am 200% confident that this will not be an issue. Thanks for making such helpful tutorials.
I think you hit the nail on the head with your intended topic because by following your instructions that is exactly what happens after installing tailscale the perfectly working opnsense setup I had is now broken and I had to restore opnsense from backup I created in the event things broke afterwards. I think I will wait till you have released a native installer for FreeBSD before trying again :)
A next exercise would be to show us how to safely access the configuration GUI of OPNsense using Tailscale. It would be a useful and informative exercise. I can’t find any clear instructions of this. It would be a real enabler for both Tailscale and OPNsense.
I come by way of UnRAID and SpaceInvaderOne. I stayed for the Tailscale. Keep it up. And I love how you just gloss over your "little" ~90 TB storage there.
Would be good if you could take a look at the new Tailscale plugin for OPNsense if you get the time. Would appreciate your feedback and anything that can be improved, or maybe wrong. Have covered it in a video, confirming correct setup procedures, whether interface needs to be added etc. If nothing else comes from it, no more compiling from source 😊
Note that it's entirely possible to configure your test router, your test lab, etc to be ISOLATED, yet still be accessible, without using a third party software, just using the magic of managed switches. Let's say I put my main router in place, then connect it to a managed switch, where the PVID /VLAN ID is configured for vlan 99 for example. In my case, I have two cables from the main router to the same switch; one going to PVID 1 and one going to PVID 99; Now, I can have other networks with vlan 99 tagged on it, and then build a proxmox server, and to get internet coming off the router ( private ip, but connected ) I just use the 99 vlan tag. Let's say that this is hitting a virtual router, I can connect the virtual Opnsense to pick up the WAN on vlan 99, and feed the output back (LAN side ) into the managed switch(es) as 97. That 97 is still isolated, but accessible by the physical desktop that is typically on the LAN; for this trickery, I usually use either the managed switch, and set 97 to be untagged on a specific port, or I'll grab a USB ethernet adapter that allows me to set the VLAN within the driver. Voilla, I can now interface with the virtual opnsense from a physical machine, whether by switching ports on a switch, or by simply plugging in a USB ethernet adapter and changing the vlan there. While this sounds "theoretical", well, in practice, it is not just theoretical. It does indeed work. Just got to wrap one's head around how vlans work, and how managed switches work. On my managed switches, I do need to ensure that the tagged VLAN is available on all switches that the traffic has to traverse.. The beauty of this sort of system is that while it seems that virtual is the only thing one can do, it's not; I can indeed plug in a replacement router that I'm testing, using the magic of managed switches, test it completely while the misses is ignorant of the process. Most of my lab is in another room, but the main router/cable modem is in a third; it just requires thinking outside of the box a bit.. Yes, you may see an extra millisecond or so of "lag" with such a setup; But it's not a game changer as far as lag is concerned. I also have used virtual machines for the purpose; but in the end, it's often easier to reach up, and switch the ethernet over to a different port, or just pull out the USB NIC.
Awesome demo, works perfectly for my use case! I think one step that was missed was forgetting to remove the installation media ISO in Proxmox after installing OPNSense. Not sure if setting up OPNSense with the install media attached caused the interfaces to be reset on reboot. I went ahead and checked "Lock Interface" in OPNSense just in case.
Coincidentally, I theorized this a couple of weeks back and was planning on testing it out in a weekend. Now I know this works wonderfully. Great video !
Im sorry, i must have miss-clicked thumbs down the last time i was here. This is certainly a thumbs up video. I corrected my error, wish i could reverse any impact it may have caused. This video is great and its saved in my to do list. Its really a seal the deal on getting Tailscale.
At 16mins 42 there is an option to select a tailnet - how is this achieved as I want to isolate a tailnet for external services from a tailnet for internal services (e.g., Management IPs vs Jellyfin Plex IPs)?
Is OPNsense the one that only runs on 64bit X86 chips? Have this feeling I thought about installing it before but my always on computer is an ARM computer.
I just installed Tailscale in my OPNSense box, but I was wondering if any firewall rules should be created for the Tailscale interface, or any other configuration that needs to be done?
Thanks for the vid - this was extremely helpful. I followed everything but for some reason my ubuntu vm on the vlan is getting dns resolver errors. The opnsense vm does have internet access though. On opnsense > settings > general I left DNS servers blank and checked "allow dns server list to be overridden by DHCP" and on the ubuntu vm all network config is set to auto. it shows dns as the opnsense IP. Any ideas?
Where did the Ubuntu client got the IP address? from Proxmox or from Opnsense? I followed the steps and I can't seem to get an IP on my Ubuntu VM. Is the DHCP LAN on OpnSense enabled? Thanks.
Alex speaking here. I use the /20 to segregate my devices into different octets. It’s totally unnecessary but I like it that way. Here’s a full post from my personal blog with more details if you’re curious… blog.ktz.me/fully-automated-dns-and-dhcp-with-pihole-and-dnsmasq/
When running `make install`, you may get an error that it couldn't find the `bash` patch, just simply run `pkg install bash` first and that should resolve it for you.
Great video. As usual. Just one remark. Is the audio level a bit low for anyone else? On my Macbook Air M1 I have to set the volume to at least 2/3 to hear. May need my ears dewaxing.
Hello there! It’s Alex. I’m splitting my time between Tailscale as $dayjob and the self-hosted podcast + my other YT channel as side projects now! Nice to see you here.
Great video... however.... I've followed the steps precisely, twice, and I cannot access my OPNSense instance through Tailscale. It shows under machines, but I can't even get a ping response from it, or the virtual machine behind it. Any suggestions?
Super video, but assigning tailscale in opnsense causes not original devices error on reboot and manual device assignment leading to reconfig of interfaces on every reboot :( running precise same setup as in video
I followed these instructions, but the tailscale installer (make install) had a blue window that popped up and asked me questions about what to install and what architecture I have. I selected V4 for some instruction set, but I must have selected the wrong thing, because my tailscale install halts with: Building Go cmd/dist using /usr/ports/lang/go122/work/go-freebsd-amd64-bootstrap. (go1.20 freebsd/amd64) cmd/dist This program can only be run on AMD64 processors with v4 microarchitecture support. *** Error code 1 Any idea on what I can do? (I tried to make clean, make install clean, make clean-depends, add GOAMD64=v3 to /etc/make.conf...)
This guy homelabs..
That production quality, sheeesh!
I have worked on getting OPNsense setup on a single nic for 2 good weeks and you just made it so so so easy. I just want to express my sincere gratitude to you for the life saving video tutorial. Keep up the good work.
I needed to install opnsense on my proxmox to assign static ip addresses to my machines (as my physical router refused to assign static IP addresses to more than 10 addresses) but all other tutorials were so daunting that i did not dare to try especially when they said that it is must that i have two physical network devices for my opnsense vm but after watching this video I am 200% confident that this will not be an issue. Thanks for making such helpful tutorials.
I think you hit the nail on the head with your intended topic because by following your instructions that is exactly what happens after installing tailscale the perfectly working opnsense setup I had is now broken and I had to restore opnsense from backup I created in the event things broke afterwards. I think I will wait till you have released a native installer for FreeBSD before trying again :)
I have been using Tailscale as long as i can remember.
even after all this time of using it - it is still feel like some witchcraft magic.
Brilliant video, appreciate the use case and tailscale setup. Had struggled for weeks to accomplish a basic understanding.
A next exercise would be to show us how to safely access the configuration GUI of OPNsense using Tailscale. It would be a useful and informative exercise. I can’t find any clear instructions of this. It would be a real enabler for both Tailscale and OPNsense.
Really nice video, easy to understand and great production quality! More videos please 👍
I was doing some wild stuff in order to achieve exactly this, this is a game changer.
I was expecting to hear 'KTZ' at the end and only realised this was a different channel!! :D Same great stuff, thanks Alex
Absolutely game changer. Thank you for making this Alex.
I come by way of UnRAID and SpaceInvaderOne. I stayed for the Tailscale. Keep it up. And I love how you just gloss over your "little" ~90 TB storage there.
Rookie numbers
Would be good if you could take a look at the new Tailscale plugin for OPNsense if you get the time. Would appreciate your feedback and anything that can be improved, or maybe wrong.
Have covered it in a video, confirming correct setup procedures, whether interface needs to be added etc.
If nothing else comes from it, no more compiling from source 😊
Note that it's entirely possible to configure your test router, your test lab, etc to be ISOLATED, yet still be accessible, without using a third party software, just using the magic of managed switches.
Let's say I put my main router in place, then connect it to a managed switch, where the PVID /VLAN ID is configured for vlan 99 for example. In my case, I have two cables from the main router to the same switch; one going to PVID 1 and one going to PVID 99; Now, I can have other networks with vlan 99 tagged on it, and then build a proxmox server, and to get internet coming off the router ( private ip, but connected ) I just use the 99 vlan tag. Let's say that this is hitting a virtual router, I can connect the virtual Opnsense to pick up the WAN on vlan 99, and feed the output back (LAN side ) into the managed switch(es) as 97. That 97 is still isolated, but accessible by the physical desktop that is typically on the LAN; for this trickery, I usually use either the managed switch, and set 97 to be untagged on a specific port, or I'll grab a USB ethernet adapter that allows me to set the VLAN within the driver. Voilla, I can now interface with the virtual opnsense from a physical machine, whether by switching ports on a switch, or by simply plugging in a USB ethernet adapter and changing the vlan there.
While this sounds "theoretical", well, in practice, it is not just theoretical. It does indeed work. Just got to wrap one's head around how vlans work, and how managed switches work. On my managed switches, I do need to ensure that the tagged VLAN is available on all switches that the traffic has to traverse..
The beauty of this sort of system is that while it seems that virtual is the only thing one can do, it's not; I can indeed plug in a replacement router that I'm testing, using the magic of managed switches, test it completely while the misses is ignorant of the process. Most of my lab is in another room, but the main router/cable modem is in a third; it just requires thinking outside of the box a bit.. Yes, you may see an extra millisecond or so of "lag" with such a setup; But it's not a game changer as far as lag is concerned.
I also have used virtual machines for the purpose; but in the end, it's often easier to reach up, and switch the ethernet over to a different port, or just pull out the USB NIC.
Awesome demo, works perfectly for my use case! I think one step that was missed was forgetting to remove the installation media ISO in Proxmox after installing OPNSense. Not sure if setting up OPNSense with the install media attached caused the interfaces to be reset on reboot. I went ahead and checked "Lock Interface" in OPNSense just in case.
Great content Alex! Sharing studio with KTZ systems 😅
Tailscale nailed it when they hired you.
Shame this only has 4K views as of right now. Tailscale is lit! It will be very mainstream as time moves forward.
Amazing depth and quality!
Excellent tutorial. Thank you.
Coincidentally, I theorized this a couple of weeks back and was planning on testing it out in a weekend. Now I know this works wonderfully. Great video !
Thanks for the demo and info, have a great day
This is so helpful! Thank you!
Short, smart, productive video. Hope you guys make usefull video like this.
Im sorry, i must have miss-clicked thumbs down the last time i was here. This is certainly a thumbs up video.
I corrected my error, wish i could reverse any impact it may have caused.
This video is great and its saved in my to do list. Its really a seal the deal on getting Tailscale.
Thank you very much. You have helped me in ways I never expected to exist and for free🙏👌👏🎯
Wau but that is amazing.
Thanks for explaining this magic box 🎁
Nice feature, great product overview and outstanding video edit
At 16mins 42 there is an option to select a tailnet - how is this achieved as I want to isolate a tailnet for external services from a tailnet for internal services (e.g., Management IPs vs Jellyfin Plex IPs)?
is this...? tech paradise..? oh my im installing this on my opnsense !
Is OPNsense the one that only runs on 64bit X86 chips? Have this feeling I thought about installing it before but my always on computer is an ARM computer.
how about tailscale on pfsense? I've been able to install it as a package but the tailscale version there is so old.
I just installed Tailscale in my OPNSense box, but I was wondering if any firewall rules should be created for the Tailscale interface, or any other configuration that needs to be done?
Do I understand this video in that I could send multiple vlans to my Tailscale network as a remote trunk?
Thanks for the vid - this was extremely helpful. I followed everything but for some reason my ubuntu vm on the vlan is getting dns resolver errors. The opnsense vm does have internet access though. On opnsense > settings > general I left DNS servers blank and checked "allow dns server list to be overridden by DHCP" and on the ubuntu vm all network config is set to auto. it shows dns as the opnsense IP. Any ideas?
Is this VLAN enough to protect my home network for malware testing? I understand that malware can 'vlan hop', but would this be enough?
This video is great, but in opnsense the vtnet1 ip address is missing if I ever reboot the machine
Where did the Ubuntu client got the IP address? from Proxmox or from Opnsense? I followed the steps and I can't seem to get an IP on my Ubuntu VM. Is the DHCP LAN on OpnSense enabled? Thanks.
Awesome video! Thanks for your work!
I installed it on my opnsense following your tutorial but I am still unable to access opnsense without being connected to my home network
Can I implement the subnet-lab with Virtual Box as well?
How would you graduate this setup to be the main router in your network ?
Thx sir , can i ask how can work opnsense tailscale exit node ?
Great timing for us switching from greedy netgate to opnsense
Thanks for the good tutorial.
When using the advertising subnet command. Will that setting stay after a reboot of the opensense router?
Yep!
@@Tailscale thank you! I’m running pfsense with tailscale, but now that I know it works with opensense. It’s time to switch. 😎
Great Video!
Very cool, thank you for sharing this. If I want to achieve the same result, do I need to have a home/real router with VLANs support too?
Question - why do you run a /20 network in a home network? Do you need 4094 hosts?
Alex speaking here.
I use the /20 to segregate my devices into different octets. It’s totally unnecessary but I like it that way. Here’s a full post from my personal blog with more details if you’re curious…
blog.ktz.me/fully-automated-dns-and-dhcp-with-pihole-and-dnsmasq/
You are the best
Awesome!! Thank you
Thanks for this great video. Could you please make a " Site-to-site networking" with tailscale? Thanks
Would be great if this walked thru how to eliminate DERP. No matter what I do I always have to route thru a rely for my opnsense connection
When running `make install`, you may get an error that it couldn't find the `bash` patch, just simply run `pkg install bash` first and that should resolve it for you.
thanks for super info video.
So tailscale support vlan?
Great video. As usual.
Just one remark. Is the audio level a bit low for anyone else? On my Macbook Air M1 I have to set the volume to at least 2/3 to hear. May need my ears dewaxing.
Yes, sound quite low.
Noted for future videos! Thanks
Is OPNsense like pfSense?....if so, which is "better"?, why use OPNSense over pfSense?
Would like to know as well.
I know this man! 🤣. Didnt know you had another channel bud?!
Hello there! It’s Alex.
I’m splitting my time between Tailscale as $dayjob and the self-hosted podcast + my other YT channel as side projects now! Nice to see you here.
@@Tailscale you should have told me about this! I was so confused when this popped up! 🤓 good man. Growing in every way! 🤓👍
Great video... however.... I've followed the steps precisely, twice, and I cannot access my OPNSense instance through Tailscale. It shows under machines, but I can't even get a ping response from it, or the virtual machine behind it. Any suggestions?
Best part of the video is seeing the mouse jiggler running 😅
Thank U for sharing
0:20 We've all been there...
Super video, but assigning tailscale in opnsense causes not original devices error on reboot and manual device assignment leading to reconfig of interfaces on every reboot :( running precise same setup as in video
Upon reboot I've found that sometimes the interfaces need to be reassigned in this scenario via the command line.
Thank you for this video.
How about a video on Tailscale on pfSense? 😊
Insert gif here. *not sure if serious or trolling*
I followed these instructions, but the tailscale installer (make install) had a blue window that popped up and asked me questions about what to install and what architecture I have. I selected V4 for some instruction set, but I must have selected the wrong thing, because my tailscale install halts with:
Building Go cmd/dist using /usr/ports/lang/go122/work/go-freebsd-amd64-bootstrap. (go1.20 freebsd/amd64)
cmd/dist
This program can only be run on AMD64 processors with v4 microarchitecture support.
*** Error code 1
Any idea on what I can do? (I tried to make clean, make install clean, make clean-depends, add GOAMD64=v3 to /etc/make.conf...)
I did it all. Then i just disabled DHCP on the LAN Adapter and nothing worked anymore....
Do you have a dhcp server in the subnet?
@@Tailscale I did have a DHCP Server in Windows Server VM in this Subnet. But maybe i did not configure the Scope on the Server.
🤯🤯🤯🤯 OMG No stop it.
Why do you need 4096 addresses in you home network ?
Volume is so low...