New firewall/router, new VLANs: how to switch HA over?

Hi everybody,

I am running HassOS on a dedicated machine (Intel NUC i7). The current firewall / router is an incredibly slow machine running pfSense.

Since I wanted new hardware anyway, I thought I’d switch to other software, OPNsense, as well. So far, so good.

However, when first creating my VLANs, I made a mistake: the one for untrusted IoT devices was too small (192.168.100.0/24). This resulted in me creating another VLAN (10.0.20.0/24), which is kind of stupid; it should have been 10.0.0.0/24, but I wasn’t aware of that at the time.

So now I am preparing OPNsense to be the new router, and I don’t know what to do about all my devices. I have multiple ESPHome devices, which all got assigned static IPs via pfSense’s DHCP server. Same with countless Tasmota devices, which shouldn’t be that big of a deal, as they use MQTT and Home Assistant doesn’t need their IP (if I understand correctly). But still…

I am currently setting up VLANs on the new machine, and was planning these VLANs:

  • internal 192.0.0.0/24: just for OPNsense, my Ubiquiti UniFi devices, and some Ethernet switches
  • trusted_fully 192.168.0.0/24: my personal devices, NAS servers, HASS
  • trusted 172.16.0.0/12: devices used by household members
  • untrusted 100.64.0.0/10: Alexas, IP cameras, IoT devices that require cloud access
  • iot 10.0.0.0/8: ESPHome devices, Tasmota devices, other IoT devices that do not require cloud access
  • testing: not sure about this one; I considered having a VLAN just for test projects, mainly ESPHome, before I want to use them productively in Home Assistant; however, the iot VLAN can handle 16777216 IP addresses, so perhaps I’ll just use that one for this

All these addresses should be fine to use without causing issues with public IP addresses.

But yeah, currently my IoT devices are split between 192.168.100.0/24 and 10.0.20.0/24. They are placed all around the house, garage, and garden, and some are currently not even connected to the WiFi (for example, Christmas-related things).

How would you switch from the old hardware (pfSense) to the new one (running OPNsense), given that the IP ranges of the different VLANs will be different? I should be able to use the same VLAN IDs, so technically all devices connected through WiFi should not require different credentials to be entered; once switched, they will connect to their assigned VLANs. But they will definitely all have different IP addresses than they do now.

I want to assign each VLAN something like <device>.iot.<my-tld>, so that devices will not be linked to Home Assistant by providing their IP, but rather just something like esp32_livingroom.iot.<my-tld>, so when the DHCP server changes their IP address, they will still be reached by Home Assistant.

Just while typing this, I realize that while the Tasmota devices’ IP addresses don’t matter, one thing does matter: they all have the Home Assistant IP address in their configuration, as it is also my MQTT server. This address will also change when switching, so while all Tasmota devices will still be on the network, none of them will reach an MQTT server under the configured IP address.

Have any of you gone through something similar and can provide some methods to save me from doing all this manually? I mean, technically, everything can be done with a lot of repetitive tasks, so it is not impossible, but ideally there are some tools that can circumvent all the manual steps…?

Thank you in advance for your ideas 🙂
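The bulk part of the migration described in the post (carry the DHCP reservations over into renumbered subnets, generate DNS names per device, and repoint the Tasmota devices at the MQTT broker by name before the cutover) can be scripted from a pfSense config backup. What follows is an added example, not code from the original post, from pfSense, OPNsense or Tasmota. It assumes, and labels as assumptions: the `<dhcpd><iface><staticmap>` layout of a pfSense config.xml backup (with `<mac>`, `<ipaddr>`, `<hostname>`, `<descr>`), the same element names in OPNsense's ISC DHCP section, the old-to-new subnet plan in `SUBNET_PLAN`, the constructed sample backup in `PFSENSE_XML`, and Tasmota's `/cm?cmnd=` web command endpoint with `Backlog`, `MqttHost` and `Restart`. It merges the two old IoT /24s into distinct /24s of the new iot range so that host octets are preserved and cannot collide, and it refuses to produce duplicate addresses.

```python
"""pfSense -> OPNsense cutover helper: renumber DHCP reservations, emit
OPNsense <staticmap> fragments and DNS host overrides, and build the
Tasmota web commands that repoint MQTT at a DNS name.

Added example for this thread (not pfSense/OPNsense/Tasmota code).
Assumptions: the config.xml layout below, the SUBNET_PLAN, and the
Tasmota HTTP command API (/cm?cmnd=..., Backlog, MqttHost, Restart).
"""
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Assumption: every old VLAN lands in its own /24 of the new range, so the
# last octet survives and the two old IoT VLANs cannot collide.
SUBNET_PLAN = {
    "192.168.100.0/24": "10.0.0.0/24",     # old IoT VLAN 1 -> iot
    "10.0.20.0/24":     "10.0.1.0/24",     # old IoT VLAN 2 -> iot
    "192.168.1.0/24":   "192.168.0.0/24",  # old LAN -> trusted_fully
}

# Constructed pfSense config.xml excerpt (not a real backup).
PFSENSE_XML = """<pfsense><dhcpd>
<lan><staticmap><mac>AA:BB:CC:00:00:01</mac><ipaddr>192.168.1.10</ipaddr><hostname>hass</hostname><descr>home assistant + mqtt</descr></staticmap></lan>
<opt1><staticmap><mac>aa:bb:cc:00:00:02</mac><ipaddr>192.168.100.37</ipaddr><hostname>esp32_livingroom</hostname><descr>esphome</descr></staticmap>
<staticmap><mac>aa:bb:cc:00:00:03</mac><ipaddr>192.168.100.52</ipaddr><hostname>tasmota_garage</hostname><descr>tasmota</descr></staticmap></opt1>
<opt2><staticmap><mac>aa:bb:cc:00:00:04</mac><ipaddr>10.0.20.37</ipaddr><hostname>tasmota_garden</hostname><descr>tasmota</descr></staticmap></opt2>
</dhcpd></pfsense>"""


def load_static_maps(xml_text):
    """One dict per reservation found under <dhcpd>, in document order."""
    maps = []
    for iface in ET.fromstring(xml_text).find("dhcpd"):
        for sm in iface.findall("staticmap"):
            maps.append({"iface": iface.tag,
                         "mac": sm.findtext("mac", "").lower(),
                         "ip": sm.findtext("ipaddr"),
                         "hostname": sm.findtext("hostname", ""),
                         "descr": sm.findtext("descr", "")})
    return maps


def remap_ip(ip, plan=SUBNET_PLAN):
    """Move an address into its planned subnet, keeping the host offset.
    Rejects addresses outside the plan or that would hit the broadcast."""
    addr = ipaddress.ip_address(ip)
    for old, new in plan.items():
        old_net, new_net = ipaddress.ip_network(old), ipaddress.ip_network(new)
        if addr in old_net:
            offset = int(addr) - int(old_net.network_address)
            if offset >= new_net.num_addresses - 1:
                raise ValueError(f"{ip}: host offset {offset} does not fit in {new}")
            return str(new_net.network_address + offset)
    raise ValueError(f"{ip} is in no subnet of the migration plan")


def migrate(maps, plan=SUBNET_PLAN):
    """Attach new_ip to every reservation; fail loudly on duplicates."""
    taken, out = {}, []
    for m in maps:
        new_ip = remap_ip(m["ip"], plan)
        if new_ip in taken:
            raise ValueError(f"{new_ip} wanted by both {taken[new_ip]} and {m['mac']}")
        taken[new_ip] = m["mac"]
        out.append({**m, "new_ip": new_ip})
    return out


def render_opnsense(migrated, plan=SUBNET_PLAN):
    """<staticmap> fragments grouped by new subnet, to paste into the matching
    OPNsense DHCP interface (assumption: same element names as pfSense)."""
    groups = {}
    for m in migrated:
        net = next(n for n in plan.values()
                   if ipaddress.ip_address(m["new_ip"]) in ipaddress.ip_network(n))
        el = ET.Element("staticmap")
        for tag, val in (("mac", m["mac"]), ("ipaddr", m["new_ip"]),
                         ("hostname", m["hostname"]), ("descr", m["descr"])):
            ET.SubElement(el, tag).text = val
        groups.setdefault(net, []).append(ET.tostring(el, encoding="unicode"))
    return {net: "\n".join(frags) for net, frags in groups.items()}


def dns_records(migrated, domain):
    """(fqdn, ip) pairs for host overrides, so HA reaches devices by name."""
    return [(f"{m['hostname']}.{domain}", m["new_ip"]) for m in migrated if m["hostname"]]


def tasmota_mqtt_url(device_ip, mqtt_host):
    """Tasmota web command that repoints MQTT and restarts the device. Send it
    to the OLD address before the cutover, while the device is still
    reachable; a DNS name for the broker survives the later IP change."""
    cmd = f"Backlog MqttHost {mqtt_host}; Restart 1"
    return f"http://{device_ip}/cm?cmnd={quote(cmd, safe='')}"


def tasmota_cutover_plan(migrated, mqtt_host):
    """One (hostname, url) per reservation whose descr marks it as Tasmota."""
    return [(m["hostname"], tasmota_mqtt_url(m["ip"], mqtt_host))
            for m in migrated if "tasmota" in m["descr"].lower()]


if __name__ == "__main__":
    plan = migrate(load_static_maps(PFSENSE_XML))
    for m in plan:
        print(f"{m['hostname']:18} {m['ip']:16} -> {m['new_ip']}")
    for net, xml in render_opnsense(plan).items():
        print(f"\n# {net}\n{xml}")
    for name, url in tasmota_cutover_plan(plan, "hass.trusted.example.test"):
        print(name, url)
```

Ordering matters: the `MqttHost` commands have to be pushed while the devices still sit on their old addresses, and the broker name they are given (here the hypothetical `hass.trusted.example.test`) must resolve on the new network, so create the DNS host overrides from `dns_records()` on OPNsense before pulling the cable. Devices that are powered off at cutover keep the old broker IP and need the same command once they reappear; the fragments from `render_opnsense()` should be compared against a freshly exported OPNsense config.xml before being pasted in, since the element layout is an assumption here.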