Hello everyone,
I hope I can find help for my problem here. I have been working on setting up a VPN tunnel from a VPS to my Homelab for a few days.
The tunnel itself is not the problem. The tunnel is up and running, I can also reach all participants via ping and a "nmap" on port 80 and 443 from the VPS in the direction of the reverse proxy is also successful.
In my opinion, there is no response from the reverse proxy.
If any of you can find the time to look at the problem, I would be very grateful!
If you have any questions or need information, please let me know.
First a few details.
The VPS serves as a wireguard server (10.10.90.1). The Opnsense (10.10.90.2) connects to the VPS as a client.
Behind the Opnsense is a reverse proxy (10.10.20.4). All incoming requests on port 80 and 443 on the VPS should be forwarded to the reverse proxy.
Enclosed is the Wireguard config:
[Interface]
PrivateKey = ----
ListenPort = 1195
Address = 10.10.90.1/28
# Allow new inbound connections on 80/443 from the public interface into the tunnel
PostUp = iptables -A FORWARD -i ens6 -o wg0 -p tcp --syn -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Allow the return traffic of those connections back out to the public interface
PostUp = iptables -A FORWARD -i wg0 -o ens6 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rewrite the destination of inbound 80/443 traffic to the reverse proxy
PostUp = iptables -t nat -A PREROUTING -i ens6 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.10.20.4
# Rewrite the source to the tunnel address so the proxy's replies come back through the tunnel
PostUp = iptables -t nat -A POSTROUTING -o wg0 -p tcp -m multiport --dports 80,443 -d 10.10.20.4 -j SNAT --to-source 10.10.90.1
# Remove the same rules again when the tunnel goes down
PostDown = iptables -D FORWARD -i ens6 -o wg0 -p tcp --syn -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -o ens6 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D PREROUTING -i ens6 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.10.20.4
PostDown = iptables -t nat -D POSTROUTING -o wg0 -p tcp -m multiport --dports 80,443 -d 10.10.20.4 -j SNAT --to-source 10.10.90.1
[Peer]
PublicKey = ----
PresharedKey = ----
AllowedIPs = 10.10.90.2/32, 10.10.20.4/32
PersistentKeepalive = 25
The following settings have been made on the Opnsense:
VPN -> Wireguard -> Instances:
Tunnel address = 10.10.90.2/28
Peers = proxy-vpn
Disable Routes = yes
Gateway = 10.10.90.1

VPN -> Wireguard -> Peers:
Name = proxy-vpn
Allowed IPs = 10.10.90.1/32
Endpoint Address = IP address of the VPS
Endpoint Port = 1195

Firewall -> Rules -> Wireguard_proxyvpn:
IPv4 TCP, S: 10.10.90.1, P: *, D: 10.10.20.4, P: 80
IPv4 TCP, S: 10.10.90.1, P: *, D: 10.10.20.4, P: 443
IPv4 ICMP, S: 10.10.90.1, P: *, D: 10.10.20.4, P: *
IPv4 TCP/UDP, S: Wireguard_proxyvpn net, P: *, D: Wireguard_proxyvpn net, P: 80

Firewall -> Rules -> DMZ (Reverse Proxy Network):
IPv4 ICMP, S: 10.10.20.4, P: *, D: Wireguard_proxyvpn net, P: *

System -> Gateways -> Single:
N: Wireguard_proxyvpn, I: Wireguard_proxyvpn, G: 10.10.90.1, MIP: 10.10.90.1

This option is also activated on the VPS:
net.ipv4.ip_forward=1
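As an added example (not part of the original post), this Python script checks a wg-quick server config for three things a DNAT-over-WireGuard setup like the one above depends on: that every DNAT target lies inside some peer's AllowedIPs (otherwise WireGuard's cryptokey routing drops the packet), that the SNAT source is the tunnel's own Address, and that each PostUp rule has its PostDown counterpart. The sample config, the function names and the SNAT rule's missing PostDown are constructed for the example.

```python
import ipaddress
import re

# Constructed sample modelled on the VPS config above (keys replaced by placeholders).
SAMPLE_CONF = """\
[Interface]
Address = 10.10.90.1/28
PostUp = iptables -t nat -A PREROUTING -i ens6 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.10.20.4
PostUp = iptables -t nat -A POSTROUTING -o wg0 -p tcp -m multiport --dports 80,443 -d 10.10.20.4 -j SNAT --to-source 10.10.90.1
PostDown = iptables -t nat -D PREROUTING -i ens6 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.10.20.4

[Peer]
AllowedIPs = 10.10.90.2/32, 10.10.20.4/32
"""

def parse(text):
    # Split a wg-quick config into [(section, [(key, value), ...]), ...]; '#' starts a comment.
    sections = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            sections.append((line.strip("[]"), []))
        elif "=" in line and sections:
            key, value = (s.strip() for s in line.split("=", 1))
            sections[-1][1].append((key, value))
    return sections

def check(text):
    # Return a list of findings; an empty list means all three checks passed.
    findings = []
    sections = parse(text)
    iface = [kv for name, kvs in sections if name == "Interface" for kv in kvs]
    allowed = [ipaddress.ip_network(n.strip()) for name, kvs in sections if name == "Peer"
               for key, value in kvs if key == "AllowedIPs" for n in value.split(",")]
    addr = next((ipaddress.ip_interface(v).ip for k, v in iface if k == "Address"), None)
    downs = [v for k, v in iface if k == "PostDown"]
    for rule in [v for k, v in iface if k == "PostUp"]:
        # 1. DNAT target must be covered by a peer's AllowedIPs (cryptokey routing).
        m = re.search(r"--to-destination\s+([\d.]+)", rule)
        if m and not any(ipaddress.ip_address(m.group(1)) in net for net in allowed):
            findings.append(f"DNAT target {m.group(1)} is in no peer's AllowedIPs; wg drops it")
        # 2. SNAT source should be the tunnel Address so replies come back via the tunnel.
        m = re.search(r"--to-source\s+([\d.]+)", rule)
        if m and addr is not None and ipaddress.ip_address(m.group(1)) != addr:
            findings.append(f"SNAT source {m.group(1)} is not the tunnel Address {addr}")
        # 3. Every -A rule in PostUp needs the matching -D rule in PostDown.
        if rule.replace(" -A ", " -D ", 1) not in downs:
            findings.append(f"no matching PostDown for: {rule}")
    return findings
```

Run `check(open("/etc/wireguard/wg0.conf").read())` on the real file to apply the same checks to a live config.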