Recently got a mini PC to set up my own router but configuring OPNsense successfully has been proving difficult. I've tried various guides here and on other sites which are mostly for TM Unifi but replacing it with Maxis VLANs but nothing seems to work. I have a 4 port device, ETH0 is dedicated to Proxmox running underneath, ETH1, ETH2 and ETH3 are added to OPNsense. ETH1 I'm trying to set as the port to my AP (an existing Asus router, before upgrading to Ubiquiti), ETH2 as LAN to my dumb switch, and ETH3 as WAN. No matter what I try OPNsense never seems to get connected to the internet. I'd pay for someone to guide me through successfully, or to have a video call where you Parsec in or guide me with share screen. Add me on Discord if you want to chat about it, Samfishersam.

This post has been edited by ArmedandDangerous: Apr 15 2024, 11:33 PM

Firstly, you should figure out what infrastructure are you running on as they use different VLANs

For
Maxis on Unifi - 621
Maxis own infra - 11

there are also a few rarer configs like Maxis on Allo and Maxis on Celcom Timur Sabah

you can check with the provided router and see which vlan was used for internet

the PPPoE credentials should be like
A123456@home.maxis.com.my
or @public.maxis.com.my if using public IP

the password should be like A1234561, note the extra 1 at the back compared to the username, however, sometimes, the 1 is not present depending on how they setup your account

AFAIK I am on TM infra as the TM guys always have to be present if anything breaks that is outside the house. I do have my PPPOE username and passwords as I do have to use them on my existing Asus router. I've tried following guides for TM Unifi but replacing it with Maxis VLANs and it doesn't seem to work.

This post has been edited by ArmedandDangerous: Apr 16 2024, 10:21 AM

Have you tried without proxmox? How do you assign the NICs to the opnsense VM?

I've created virtual NICs for the VM as I assume it'll be easier to migrate it to a different host in the future vs a NIC passthrough. I am able to SSH into the VM so I'm not sure if it's a NIC issue or not. Any help is appreciated. I run it in a VM as I plan to also use Ubiquiti AP's in the future and would like to run the Ubiquiti Network in a VM on the same machine, keep all the network stuff on one machine seems like it'll be easier as they will always be on.

It’s best to not create virtual NICs for OPNSense, always pass through physical NICs on your device to OPNSense VM

Try that, I’ve always tried to pass through physical NICs in Proxmox and avoided throwing my stuff on bridge whenever possible and never had much issues if not at all, but I am using a full ATX build with Intel gigabit NICs

For whatever reason IOMMU shows all my NICs are in the same group even though Intel VT-D is already enabled in BIOS. My real issue is that I don't know if I'm configuring the VLANs and PPPOE correctly, and bridge shouldn't cause any issues except maybe some performance loss if any. Could you guide me through the setup process for Maxis? I've done what I could with my limited knowledge. I would like to stay with bridged NICs as hardware may change later on which makes migrating more complicated than necessary.





This post has been edited by ArmedandDangerous: Apr 23 2024, 04:31 PM

where and how are you configuring the vlan

Through the web UI. I basically did this but replaced it with Maxis VLAN instead. I stopped after PPPOE configuration as the connection to Maxis was not established anyway so did not proceed further down the guide.

https://dev.to/froxity/setup-pfsense-with-t...alaysia-isp-ddj

This post has been edited by ArmedandDangerous: Apr 23 2024, 05:09 PM

in proxmox configure the bridge you are using for WAN NIC as vlan aware

They are already set as VLAN aware in proxmox.

and what vlan are you assigning to the opnsense vm, 4095?

VLAN 621 is what I read is Maxis VLAN using TM infra. I'm not sure what VLAN 4905 is tho!

if you set vlan 621 on VM level, then in opnsense VM you don't need to configure vlan anymore
if you set vlan 4095 on VM level, then the VLANs will be passthrough and you will need to configure vlan in opnsense

Would it be better to set VLAN in opnsense itself since I need to configure for VOIP as well? I would like to use the VOIP service as sort of a "house phone".

that depends on where and how are you going to configure the VOIP
if the connection is going through opnsense, then yeah you need to go with the configure VLAN in opnsense method
if you are going to configure it somewhere before opnsense, then it doesn't matter which method you choose

I would like as few devices running as possible to save on power and heat. My current setup is an Asus RT-AX86U router, which has a built in VOIP setting that passthroughs the VOIP connection to the default Maxis router. So it's NPU -> AX86U -> Maxis Router -> VOIP Phone. I would like to cut out the Maxis router if possible, and I will temporarily be using the AX86U in AP mode if I can ever get OPNSense to work. I think setting VLANs in OPNSense is the most practical for my use case?

you could cut out the maxis router if you have an ethernet voip phone that can change its user agent to pretend to be the maxis router

or, use a software based voip phone

If that's the case for the sake of simplicity I'll keep the Maxis Router in the loop. Still having lots of problems with resolving PPPOE so I can't get online with OPNSense ):

With some help and guidance from trix connecting to Maxis now works! Now to get VoiP working! I have decided to keep the Maxis router in the loop as that seems to be way easier to configure without having to setup user agents etc etc.


Do I just need to add a VLAN to my LAN interface, connect my Maxis router to a free port on the switch, then connect the phone to the Maxis router? That was my setup when using the Asus Router before moving to OPNSense. ONU-> Asus Router -> Maxis Router -> DECT Phone. The Asus router had VOIP settings easily configured, just had to select from a list of ISPs and connect the Maxis router to the correct NIC and it worked.

Anyone know how to do it from OPNSense?

This post has been edited by ArmedandDangerous: May 4 2024, 08:35 PM

when i was using maxis fiber a few years back, i configured the phone on the ONT itself
https://forum.lowyat.net/index.php?showtopi...60&p=91845910&#
power off ONT, unplug fiber cable(important), configure PC's IP address, power on ONT, login and configure

else, you might want to configure something like this:
ont -> pnic1 -> proxmox vmbr0 -> opnsense vnic1 (wan), vnic2 (voip)

pnic2 -> proxmox vmbr1 -> opnsense vnic3 (voip)

bridge vnic2+vnic3

pnic2 -> maxis router -> dect phone


edit:
or you can also try to bridge the 2 pnic interfaces in proxmox instead of doing it in opnsense

This post has been edited by trix: May 5 2024, 09:57 AM

Hi Trix, thanks for the response. Do all these steps require messing with the ONT? I would prefer one that sets it up in OPNSense so the VM can be migrated to a different host in the future if needed without much issue. That link doesn't lead to anyone talking about VOIP? Am I missing something? I'm not opposed to having the maxis router in the loop although obviously not having it around is 1 less device to power and cable manage.

From what I can gather, "pnic2 -> proxmox vmbr1 -> opnsense vnic3 (voip)" seems like the easiest way to achieve that? I do have 1 extra port on my router/mini PC that I can use for the DECT phone/maxis router.

you only need to mess with ONT if you want to try the configure VOIP in ONT step
try this link, post #4186
https://forum.lowyat.net/topic/3487634/+4180#

btw, these are separate methods:
1.
ont -> pnic1 -> proxmox vmbr0 -> opnsense vnic1 (wan), vnic2 (voip)
pnic2 -> proxmox vmbr1 -> opnsense vnic3 (voip)
bridge vnic2+vnic3 in opnsense
pnic2 -> maxis router -> dect phone


2.
bridge the 2 pnic interfaces in proxmox instead of doing it in opnsense


if you will be using maxis router for VOIP, then doesn't matter #1 or #2
if you will be using any other software VOIP phone, need to use #1 with additional vlan tagging for voip in opnsense

This seems to be the easiest to implement, thank you!



This post has been edited by ArmedandDangerous: May 21 2024, 04:47 PM