Welcome to the Tweaking4All community forums!
When participating, please keep the Forum Rules in mind!
Topics for particular software or systems: Start your topic link with the name of the application or system.
For example “MacOS X – Your question“, or “MS Word – Your Tip or Trick“.
Please note that switching to another language when reading a post will not bring you to the same post, in Dutch, as there is no translation for that post!
So I have KPN Fiber at home (not "zakelijk") 1 Gbps up/down and wanted to get rid of the KPN standard modem and use my OPNSense firewall for this. For reference I did this on March 9th, 2025 - just in case OPNSense looks different or KPN made changes to things.
For the hardware I used a N100 (CPU) based mini PC, which also runs the OPNSense Wireguard-server for accessing my home network when I'm on the road. Obviously, performance was a concern since I am running OPNSense with Wireguard, PPPoE for the Fiber connection, and a full fledge Home Assistant setup, but with this hardware (N100 CPU, 4x 2.5Gbps Ethernet, 16Gb RAM, 128Gb SSD) things run butter smooth. Running a wireguard connection playing a 4K movie made it not even dit 20% load.
Tip: if you decide to get a switch, then pick a switch with 2.5Gbps ports. My old 1Gbps switch gave me less than a 950Mbs up/down throughput with SpeedTest, where my newer switch with 2.5Gbps ports gave me a 1100Mbps download speed and at rare times even a 1400Mbps upload speed (1150 was the lowest speed I had observed).
Note: These are the Quick an dirty settings for Internet Only, mostly for own references, but it could be useful to others as well.
I did not setup the TV part since I do not use KPN (IP)TV. For those who do care: it is said to work anyway (possible slightly slower channel zapping) without all the extras.
Note: I assume you have a working OPNSense setup, possibly behing a KPN modem or an alternative (like a Fritz!box).
Step 1: Update OPNSense and make a Backup your OPNSense settings
Update your OPNSense setup and make sure it is working properly after the update.
After that, it's always good to be able to go back if things do not work out.
To make things easier on myself: I deleted the old "WAN" in the "Interfaces"->"Assignments" section before I started with the next step.
Step 2: Connect the hardware
To keep things simple, I simply connected my OPNSense directly to the ethernet cable that comes from the fiber-box installed by KPN into the existing WAN port of the OPNSense PC. I did hookup my laptop straight to the OPNSense box as I normally would to configure the settings.
Step 3: Create a VLAN for Internet traffic
Device: vlan06
Parent: the network connection of your WAN port
VLAN tag: 6
VLAN priority: Best Effort (0, default)
Description: KPN_INTERNET
(you can pick whatever you like for the "Description")
Click Save and click Apply where needed.
Step 4: Create a PPPoE point-to-point entry
Go to "Interfaces" -> "Devices" -> "Point-to-Point" and add a new entry by clicking "+"
Link Type: PPPoE
Link Interface: vlan06 (created in step 3)
Username: internet
Password: Internet
Click Save.
Note: I added this step later as I had skipped that in the original text.
I hope this is the right location for this step.
Thanks pi314314 for helping me figure this out. 😊
Step 5: Assign the interfaces
Again: I deleted the old WAN, just to avoid confusing when using the phrase "WAN" for my new connection.
Under "Interfaces" - "Assignments" we want to connect a new WAN interface to the VLAN we just created.
Create a new interface with these settings:
Device: KPN_INTERNET (the VLAN we just created in step 3)
Description: WAN
Click Save and click Apply where needed.
Step 6: Configure the WAN settings
Still under "Interfaces" - "Assignments" we can now click [WAN] to edit the details.
Enable: check
Lock: check (optional)
Description: WAN
Block private networks: check
Block bogon networks: check
IPv4 Configuration Type:PPPoE
IPv6 Configuration Type: DHCPv6
MTU: (you can leave that blank, it will auto populate and result probably in 1492)
Username: internet
Password: internet
Use IPv4 connectivity: check
Configuration Mode: Basic
Prefix delegation size: 48
Request prefix only: check
Click Save and click Apply where needed.
Step 7: Optional - Verify you're running in Hybrid NAT
This may not be necessary but I have seen others mention it.
Mine was already running in Hybrid NAT mode.
Under "Firewall" - "NAT" - "Outbound" check the "Hybrid outbound NAT rule generation" option.
Click Save and click Apply where needed.
Final steps and test
To see what the status of your connect is, go to "Interfaces" - "Overview".
You'll find your new WAN connection there where you can see if everything works.
To the right you will see a magnification glass which will reveal the details.
Note: Mine showed an odd line rat of 64 Kbt/s, but speedtest showed me something very different so don't be alarmed. For reference: used the SpeedTest from the App Store on my Mac. My Mac used a 2.5Gbps ethernet port (USB dongle). As mentioned before: a 1Gbps ethernet port will produces speeds around 950 mbps.
For reference:
I use this 2.5Gbps 8 port switch from AliExpress for almost 2 years now and am very pleased with how it performs (Note: this is NOT and affiliate link).
When I bought it, it was $80, but the price has already dropped to $44 today (and I ordered another one 😁 ).
Hello,
I am trying to do same setup with OPNsense 25.1.
But when I directly create a vlan and assign it to WAN, in the WAN interface there is no option is appearing for pppoe. It is either DHCP or none.
So, what I did i created pppoe from the Poin to Point and assigned this one to the WAN. It is directly getting ipv6 and ipv4 fast. And I am having WAN connection however I can not open speedtest.net for example, or when I open youtube in the home page everything comes except videos and in there it saying "history bla bla". I can open google make search even do speedtest on google.
I set my DNS to 1.1.1.1 and secondary 9.9.9.9 as well.
I changed to MTU 1492, 1500 also add MSS in the pppoe page but result is same.
First, any idea, why I do not have pppoe option if I follow your guide.
Or how can I fix this -i think- DNS issue(?) about some of the pages are opening, some of them not.
Full disclosure:
I'll admit that I'm not an expert, and I posted this mostly as a reference for myself and a friend of mine.
Now, I'm running OPNSense 25.1.7 at the moment, but I'm not sure what exact version I used during this setup.
Did a quick search and found this post, saying that one has to create a PPPoE interface first (Interfaces > Devices > Point-to-Point).
Since I cannot reproduce the situation, could you try this and confirm if this is indeed the case?
Maybe I can update the instructions then in case I missed that step 😊
@hans Thans for your answer.
Yes, it seems I did correctly, created pppoe and assigned WAN instead of directly creating VLAN. With that, in the dashboard, I can see that, I got ipv6 and ipv4 from KPN. However issue about could not openning some page and for exampl not seein main screen(videos) in Youtube is still there.
Do you remember that did you anything about DNS? My issue seems related about that. By the way I am not expert as well, even noob. :)
Just checked my settings (took me a bit to even find it):
Under System -> Settings -> General -> Networking section I've set these under DNS Servers:
8.8.8.8 (Google DNS) 1.1.1.1 (Cloudflare DNS) 1.0.0.1(Cloudflare DNS) 208.67.222.222 (OpenDNS) 208.67.220.220 (OpenDNS)
Can't say these are the smartest or best choices, but it works for me 😊
Hope this helps.
You did not miss anything but configuration is different in v25. I am now trying with v24 which I can follow your step your guide step by step. However this time I am getting IP but it is not pinging anything. And my laptop says "Not internet". :D
Could very well be that I used v24, did not (unfortunately) take note of it at the time. Pretty sure it was not older than v24 - so we're getting somewhere. 😊
So you do get an IP address, and you tried something silly like " ping 8.8.8.8 " (works on my setup).
Or did you try to ping a domain name (which could be explained as a DNS issue/setting).
I'm confident you checked your laptop's network config (assigned IP address, DNS, mask).
Just something that came to mind:
- You used the same VLAN name/tag
- Username/password: internet
I have seen others list other username/passwords - they did not seem to work for me, but then again I was where you're at right now as well at some point so I just tried the variations I have seen elsewhere. The one in the steps is what I use right now.
Other username/passwords (here for example - I went through several guides which is why I ended up writing down my own steps here for my own future reference 😉) I have seen
username: kpn@internet (or even just kpn)
password: kpn
- I recall having to reboot a few times - not sure if it made a difference.
I've just created a reddit post what I've tried to get help :D.
https://www.reddit.com/r/opnsense/comments/1lmty8l/trying_to_setup_opnsense_for_kpn_fiberoptic_dutch/
I think I tried that as well and not related about credentials. Because, somehow KPN gives me IP address.
When I ping 8.8.8.8 it returns reply from 192.168.2.44 that surprised me a bit. I thought this black box on the fiber end trying to use old configuration still. Powered off for 5 mins to reset it but did not help. I think it recovers again from the KPN server.
And thank you by the way for your help.
You're welcome, been where you're at right now and bouncing of thoughts is always nice.
So your 8.8.8.8 returns replies from 192.168.2.44? Is this your OPNSense box? Or something else?
First thing that came to mind was a modified .hosts file or DNS entry. Which its probably not.
What does a ping from another PC do? (maybe I'm going to deep into that rabbit hole - better go get my first coffee for this morning haha)
Oh just an idea, you can do a PING from OPNSense as well: Interfaces -> Diagnostics -> Ping.
You can even set it up as a job, ready to be used whenever you'd like.
I remember now using that often, to eliminated all kinds secondary issues I might have overlooked.
Are you running OPNSense bare metal? Or as a virtual machine?
I run it as a Proxmox VM on a N100 mini PC - which works great, but took some effort to use the right settings in the virtual machine as it comes with an extra layer of challenges. My old OPNSense setup was bare metal - which I'd normally recommend, but on that same device I also have a Home Assistant VM running, and the total load rarely exceeds 20% (and I have Wireguard setup for remote access).
Anywho - always feel free to ask or bounce off questions. I know how it feels sitting there all alone 😉
Yes, later on I have realized 192.168.2.44 was LAN IP address of the laptop(actually this LAN IP was assigned by the KPN router since it was connected to that) which is connected to the OPNsense. It seems OPNsense could not assign LAN IP. I will check that now. I'd expect LAN interface is already condifugred by default so it can assign IPs.
Proxmox bare metal, and running OPNsense in a VM.
And yes I did not modify .hosts file earlier.
Hey 👋,
Do you wanna know how this guy completely wasted whole Saturday? By not configuring DCHPv4 in the OPNsense.🎉
After configuring DHCPv4 now it seems it is working. I could ping 8.8.8.8, 1.1.1.1 and google.com, speedtest.net. And this time I could access to speedtest.net and run. (To be fair, I thought it will be available by default. And it might be if I ran wizard.)
What I understood, my PC was taking IP as static(since this was configure in the PC), however OPNsense did not know what to the in LAN. Because gateway is not set for example. After setting DHCPv6 I also removed static IP from PC and boom!
Side not for your guide and rest of all. v25.1 you need to first create point to point for PPPoE, than create vlan06 and parent this is PPPoE you created. Then assign vlan06 to WAN. I can confirm that now, this works. :D
Again, thanks a lot for your help.
Ah you got thins running! NICE 😊
Just a side note:
Proxmox bare metal, and running OPNsense in a VM.
Oh cool, make sure you have the right ports assigned. I did a hard assign of two NICs (PCI):
So basically I have a NIC assigned for Proxmox itself, so I can access the dahboard, which I let Proxmox handle itself.
For LAN and WAN I've assigned the two PCI devices (NICS).
No idea if this is the best way - I had performance in mind when I did this 😊
Side not for your guide and rest of all. v25.1 you need to first create point to point for PPPoE, than create vlan06 and parent this is PPPoE you created. Then assign vlan06 to WAN. I can confirm that now, this works. :D
Again, thanks a lot for your help.
I'll have to look and see how it's done and include it in the step.
You're most welcome, glad to hear you've got things working!
