Hello,
Since I changed my ISP, I no longer have direct access to my home network because of IPv6. To solve this problem, I got myself an IONOS VPS-S server with an IPv4 address, which I would like to connect to OPNsense and forward the needed ports, like HTTP, to my systems.
I have to admit that I am an absolute beginner when it comes to OPNsense, so please bear with me. The IONOS server with its IPv4 address is in place and the OPNsense firewall is prepared and available on my network. Can someone briefly explain to me the steps needed to set up a tunnel between the two and forward, for example, port 80 from the IONOS server to OPNsense? I have read about autossh from OPNsense to the IONOS server, but also WireGuard and OpenVPN... What is the best and "easiest" way?
			
			
			
				Quote from: ChrisVH1982 on September 15, 2021, 09:59:26 AM
I no longer have direct access to my home network because of IPv6.
What do you mean by this?
			
 
			
			
				I have DS-Lite so the IPv4 I am receiving from my ISP is not usable and I won't switch everything to IPv4. Therefore I require an alternative entry point such as a public server with its IPv4 address.
			
			
			
				I guess you could create a site-to-site VPN and then configure fw rules on the public server to forward or proxy specific traffic to the backend services through the tunnel.
			
			
			
				So e.g. use OpenVPN (or better WireGuard?) to connect from OPNsense to the IONOS server running CentOS?
Can I forward a port from the IONOS server through the tunnel, or do I need to get these somehow from OPNsense?
			
			
			
				Something like that. You should be able to port forward, though if using WG take note of this (https://github.com/opnsense/core/issues/4389#issuecomment-865349224)
The alternative for a website is to set up a reverse proxy on your public server to proxy to the local webserver
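
The port-forward option discussed above could look like this on the public server, as an added example that is not part of the original thread: an nftables ruleset that forwards only TCP port 80 into the tunnel and drops all other forwarded traffic. The interface names `eth0` and `wg0`, the address 192.168.1.10 and the use of plain nftables on the VPS are assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example with constructed values; adjust them to your setup.
# Prerequisites (assumed): the tunnel is up, the VPS routes WEB_HOST via
# the tunnel, net.ipv4.ip_forward=1 is set on the VPS, and a rule on the
# OPNsense tunnel interface permits TCP/80 to WEB_HOST.

define WAN_IF   = "eth0"          # public interface of the VPS (assumed name)
define TUN_IF   = "wg0"           # tunnel interface towards OPNsense (assumed name)
define WEB_HOST = 192.168.1.10    # home web server (constructed address)

table ip edge_fwd {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        # Rewrite only inbound HTTP on the public interface; the
        # destination port stays 80.
        iifname $WAN_IF tcp dport 80 dnat to $WEB_HOST
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        # Default drop: the VPS forwards nothing into the home network
        # except the one published service and its return traffic.
        ct state established,related accept
        iifname $WAN_IF oifname $TUN_IF ip daddr $WEB_HOST tcp dport 80 ct state new accept
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Source-NAT to the VPS tunnel address so replies return through
        # the tunnel instead of leaving via the home WAN (asymmetric path).
        # Trade-off: the web server logs the tunnel address, not the client.
        oifname $TUN_IF ip daddr $WEB_HOST tcp dport 80 masquerade
    }
}
```

The ruleset can be syntax-checked without applying it using `nft -c -f <file>`. Where the real client address matters for logging or rate limiting, the reverse-proxy alternative can pass it on in an `X-Forwarded-For` header.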
			
			
			
				To be honest, I was hoping to get directions to a step-by-step guide from somebody who's facing the same issue. I am not the first one facing this issue.
Like...
1. Install WireGuard / OpenVPN
2. Set up WireGuard / OpenVPN like this...
3. Install counterpart on public server
4. Configure counterpart server
5. Establish the tunnel
6. Forward port XYZ like this...
			
			
			
				Someone who has implemented something like it might weigh in. Otherwise there is always Google. The first hit I found was https://reposhub.com/python/security/mochman-Bypass_CGNAT.html
			
			
			
				Thanks for the link. Google can't help when you are missing the right keywords.