OPNsense - Xs4all with separate VLAN
- on bare metal
Configuration of an OPNsense router / firewall for ISP Xs4all (former KPN subsidiary)
This document is based on various sources on the internet (see appendix).
2. Set the internet connection
Internet VLAN
As explained in the introduction, Xs4all uses VLANs for its services. We have to create these first in order to use the services. We will start with the Internet service.
Under Interfaces ⯈ Devices ⯈ VLAN, we can see the installed VLANs. In a fresh install there are none. Click the + button at the right to open the VLAN Edit dialog and set the VLAN information.
Setting the device name
But before we do this, we need to address how OPNsense names a VLAN device. If you open the full help in this dialog (top right corner), you will see the help text beneath the Device field.
‘Leave empty to generate a device name. Custom names are possible, but only if the start of the name matches the required prefix and contains numeric characters or dots, e.g. "vlan0.1.2" or "qinq0.3.4".’
To many users this will be confusing, and what is not mentioned is that this name also cannot be longer than 16 characters. So you could leave the field empty, as suggested.
Or you can work around it a bit, like we did. We started with the "vlan0" part, followed by {dot}{port}{dot}{VLAN tag}. So for our Internet VLAN with tag 6 for the WAN connection, this reads vlan0.0.6.
Parent interface
Next we set the parent interface the VLAN will be assigned to. In our case this is port WAN, which is on NIC igc0. It can be selected from the dropdown list, if it is not already selected by default.
VLAN tag
The VLAN tag for Internet has to be set to 6, as already mentioned in the introduction.
Priority
For now, we will leave the priority at the default setting.
Description
The description will later show up in the assignments list, so it is best to set it to something easy to understand. We chose to set this field to xs4all Internet, which describes its purpose well.
Once we are done, click the Save button to store the new VLAN.
Apply changes
As you can see, the newly created VLAN is added to the list. To activate this VLAN, we need to click the Apply button once, to apply the changes we have made to the list.
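The naming rules from "Setting the device name" and the tag and parent settings chosen above can be checked from the OPNsense shell. The script below is an added example, not part of the original guide: the function names are hypothetical, the 16-character limit is the one stated on this page, and the ifconfig output is a constructed sample.

```shell
#!/bin/sh
# Added example: checks for the vlan0.{port}.{tag} naming scheme used on this page.
MAX_NAME_LEN=16   # length limit as stated on this page

# Build a device name in this page's scheme.
vlan_name() { printf 'vlan0.%s.%s' "$1" "$2"; }

# Return 0 when the name follows the rules quoted from the help text:
# required prefix, then only digits or dots, within the length limit.
valid_vlan_name() {
    n=$1
    [ "${#n}" -le "$MAX_NAME_LEN" ] || return 1
    case $n in
        vlan[0-9]*) rest=${n#vlan} ;;
        qinq[0-9]*) rest=${n#qinq} ;;
        *) return 1 ;;
    esac
    case $rest in
        *[!0-9.]*) return 1 ;;
    esac
    return 0
}

# Read `ifconfig <device>` output on stdin and print "<tag> <parent>".
vlan_tag_and_parent() {
    awk '$1 == "vlan:" {
        for (i = 2; i < NF; i++)
            if ($i == "parent" && $(i + 1) == "interface:") parent = $(i + 2)
        print $2, parent
    }'
}

# Return 0 when stdin describes a VLAN with tag $1 on parent $2.
check_vlan() { [ "$(vlan_tag_and_parent)" = "$1 $2" ]; }

# Constructed sample of FreeBSD ifconfig output (not captured from a real system).
SAMPLE='vlan0.0.6: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:01
    groups: vlan
    vlan: 6 vlanproto: 802.1q vlanpcp: 0 parent interface: igc0
    status: active'

dev=$(vlan_name 0 6)
if valid_vlan_name "$dev" && printf '%s\n' "$SAMPLE" | check_vlan 6 igc0; then
    echo "$dev: name accepted, tag 6 on igc0"
else
    echo "$dev: check failed" >&2
fi
```

On the router itself, replace the sample with the live output, for example by piping ifconfig vlan0.0.6 into check_vlan 6 igc0.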
Change WAN interface settings
Before we apply the VLAN settings, we first must change some settings for the DHCPv6 client of the WAN connection. Go to Interfaces ⯈ Assignments to open the list of assigned interfaces.
Here we find the interfaces we defined during the installation of OPNsense, see chapter Preparation. The interface we are interested in is our WAN connection. We need to change some settings for the DHCPv6 client first. Click on the [WAN] link to open the settings for the WAN interface.
DHCPv6 client configuration
Scroll down to the section DHCPv6 client configuration. We need to change the following settings.
➀ Prefix delegation size : set to 48
➁ Request prefix only : set to true (mark the checkbox)
➂ Send prefix hint : set to false (clear the checkbox)
The setting Use IPv4 connectivity has been removed in V25.1 as it will be set by default.
When done, click the Save button to save the changes.
You will also be asked to apply the changes, by clicking the Apply changes button at the top.
Assign the VLAN to the interface
In version 2.5 of OPNsense, the way PPPoE settings are defined differs from previous versions. There is now a separate menu item Point-to-Point for this purpose, under Interfaces ⯈ Devices. Please follow the new procedure as explained below.
We now have our VLAN created, but we must still assign it to the active interface. As you can see it is already set to the PPPoE protocol, directly on port igc0. But we need to change this assignment to the VLAN.
Change PPP-specific settings
Scroll down to the section Point-to-Point configuration. Click the Click here link to open the PPP-specific settings. Alternatively, you can go to the PPP-specific settings under menu Interfaces ⯈ Devices ⯈ Point-to-Point, where this setting is listed.
Select the VLAN
In the PPP-settings dialog, you will see the port igc0 selected as the port for the Link interface. We need to change this setting to our Internet VLAN.
Open the dropdown list with devices for this setting. Then select the Internet VLAN vlan0.0.6. A checkmark will show after the entry, to indicate it is selected.
Next we need to deselect the original interface, igc0, in this list.
Click the Save button to apply the changes. At this point, OPNsense is configured sufficiently to replace your current router for an internet-only connection, so let's see if it works.
Testing the connection
Connect the WAN interface to your ISP modem, instead of the FB7590, and wait until the connection is established, which can take several seconds. In the Lobby of the OPNsense Dashboard, you can follow the progress.
In the Lobby, under WAN interface connection, you should eventually see addresses being assigned by your ISP. Once connected, you should be able to access the internet from the laptop that you have (still) connected to the LAN interface.
If you do not see any progress in the Lobby, you should first check your connections and then reboot the router. If this still does not solve the problem, revisit all the settings you have made before, to make sure there are no mistakes.
20250217-01