AliExpress 4x2.5GbE box - Which router OS to install?


igloo77055

I got this box a few months ago and have been using it with OPNSense for a while. It has been mostly working well; however, I have been having some issues with my setup, so I am considering something less advanced to use with it.

While I find myself fairly competent with tech in general, networking is a whole different realm I haven't explored outside of the basics.
Current issues I have:
Half of my Google Home devices don't work, specifically the gen 2 Hub and mini speakers; the older Gen 1 hub, Lenovo Smart Display, and mini speaker work perfectly normally as intended.
Port forwarding doesn't work, or more likely I'm just not doing it right, as it's a bit more complicated than on your mainstream consumer routers.
The additional 2.5GbE ports aren't used for switching yet for making new networks.

Nice features to have:
Link aggregation, as I have a modem that can use two Ethernet ports to take advantage of the higher than 1Gb internet connection.
Ability to use AdGuard Home, or equivalent.


That's kind of it. The main reason for going this route was to get more 2.5GbE ports for my modem and systems, along with the fact that the Comcast-provided modem didn't allow me to port forward or even change DNS.
 

LodeRunner

OpenWRT might be an option? Never used, don't know what it supports.

How do you have it cabled? Half the devices not working sounds odd. Screenshots of your firewall rules from the various interfaces would be helpful, along with the Outbound NAT page.

Inbound NAT is usually no problem either, so a screenshot of one of your not working NAT entries is also useful.

I don't know what ASIC, if any, is in that AliExpress box; I wouldn't try to use it for switching.
 

igloo77055

I've got two ports used for link aggregation from my modem into the OPNSense box, and one more going from the box to a Zyxel XGS1210-12 into an SFP+ port with a 10GbE transceiver.
From there, I've got two desktops on the two 2.5GbE ports and some other devices on the 1GbE ports, one of which is a TP-Link Deco router set in Access Point mode, with other mesh nodes around the house.

I recently switched from the Comcast-provided modem, as I was originally having problems with my Motorola modem dropping internet every few hours. This isn't an issue anymore, which is why I'm using it, so I assume that's why some of the port forwards here are missing the WAN interface.

Firewall rules:
1666160681637.png

Outbound:
1666160761285.png

The Valheim, Minecraft, and RDP rules were working in the past, haven't tried recently as friends having been playing on the server.

Even after setting these, checking live view for any of those ports, or for my specific local IP, doesn't bring up anything in the log.
Currently there's a beta for a game that I've been trying to play for the past two days without success, as I cannot connect to any player.
However, connecting to my phone's hotspot gets me a match no problem. It's a similar situation with the Gen 2 Nest Hub, where I can set it up with a hotspot, but it refuses to connect and set up with my home connection.
 

LodeRunner

Games that do any sort of peer to peer will have trouble with OPNSense’s outbound NAT. You need to make an outbound rule for your computer’s IP or an any/any that has the Static Port option checked.

Is your Comcast modem in bridge mode? If your WAN address is a 10.0.0.0/8, 172.16.0.0/12, or a 192.168.0.0/16 address then you’re also going to have trouble in both directions as well.

And to be clear, the only things plugged into the OPNSense box are the Comcast modem and the Zyxel switch?
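
Added example, not part of the post above and not OPNSense code: a toy Python model of the two checks in that reply, showing why a peer-to-peer UDP game fails when outbound NAT rewrites the source port per connection and works with Static Port, plus a test of a WAN address against the three private ranges listed. All addresses, ports and names are constructed, and the random-port behaviour is a modelling assumption.

```python
import ipaddress
import random

# The three private ranges named in the post; a WAN address inside one of them
# means an upstream device is doing NAT as well (double NAT).
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def wan_is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)

class OutboundNat:
    """Toy stateful outbound NAT for UDP (hypothetical model)."""

    def __init__(self, wan_ip, static_port, seed=1):
        self.wan_ip, self.static_port = wan_ip, static_port
        self.rng = random.Random(seed)
        self.states = {}  # (lan_ip, lan_port, remote) -> translated source port

    def _new_port(self, lan_port):
        if self.static_port:
            return lan_port  # Static Port: source port is left untouched
        while True:  # otherwise: a fresh, unused random port for each state
            port = self.rng.randint(1024, 65535)
            if port != lan_port and port not in self.states.values():
                return port

    def send(self, lan_ip, lan_port, remote):
        """LAN host sends to remote; returns the (ip, port) the remote sees."""
        key = (lan_ip, lan_port, remote)
        if key not in self.states:
            self.states[key] = self._new_port(lan_port)
        return (self.wan_ip, self.states[key])

    def accepts(self, remote, wan_port):
        """An inbound packet passes only if it matches an existing state."""
        return any(r == remote and p == wan_port
                   for (_, _, r), p in self.states.items())

def hole_punch_works(static_port):
    nat = OutboundNat("203.0.113.10", static_port)
    game = ("192.168.1.50", 2456)             # constructed LAN host and port
    matchmaker = ("198.51.100.1", 3478)       # constructed rendezvous server
    peer = ("198.51.100.77", 2456)            # constructed remote player
    advertised = nat.send(*game, matchmaker)  # endpoint the matchmaker hands out
    nat.send(*game, peer)                     # our side opens a state to the peer
    return nat.accepts(peer, advertised[1])   # peer replies to the advertised port
```
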
 

igloo77055

I'm using my own Motorola modem for now, using two of the ports for link aggregation. Not using the Comcast modem.
That and the Zyxel switch are connected to the box only.

Still doesn't explain what the heck is going on with those Google smart devices lol.
It's so odd that some work, yet others don't.
 

LodeRunner

Sorry, misread the switch of modems as the Motorola having issues.

It's probably an outbound NAT or a UPnP/NAT-PMP issue. A lot of software and consumer devices assume they can map whatever firewall rules they want, or that they're the only thing behind the firewall that needs a given port, and don't play well with strict NAT, which is what OPNSense enforces. And a lot of consumer-grade router/firewall boxes let that happen by default.

For your NAT port forwards, are there matching firewall rules on the WAN interface? If they didn't get created for some reason, no traffic will pass.
 

zac1

I've enjoyed using VyOS for a simple home router. It's an open-source fork of JunOS, basically a customized Debian distro with image management and config system.
 

igloo77055

Ended up putting OpenWRT on the box. Outside of resizing the 2nd partition, everything went pretty easily.
By default all ports except WAN are bridged, so no need to physically plug everything into one port via an external switch.

2nd gen Google Home/Nest devices are working perfectly, and I got AdGuard Home running as well. Processing time on AdGuard is higher though, about 2-7ms on OPNsense vs 22-35ms on OpenWRT.
Haven't tried port forwarding yet; however, the game I was running into issues with before hasn't had an issue anymore.
So I'd recommend it as an alternative for those that aren't super deep into networking configuration/terminology.