OPNsense Forum

English Forums => General Discussion => Topic started by: meni1234 on January 02, 2024, 01:25:27 PM

Title: VPS Wireguard + NAT forwarding
Post by: meni1234 on January 02, 2024, 01:25:27 PM
Hello everyone and a happy new year

I need your help with my homeserver because I can't get opnsense to forward the traffic to a VM.

My setup:
I have a physical server with Debian 12 and Proxmox. This is connected to a router which is connected to the internet through a CGNAT. As I am behind a CGNAT I have to use a public IP via a VPS. I isolate my host system with Proxmox and OPNsense. Using WireGuard, the virtual OPNsense establishes a tunnel to the VPS. The VPS sends the required ports directly to the OPNsense, which works perfectly. It is important to note that I only have one physical NIC. So I use the physical NIC with a Linux bridge (vmbr0) for the WAN and a virtual bridge (vmbr1) for the LAN connection on OPNsense.

Infra:
(https://i.ibb.co/98QNX27/Screenshot-from-2024-01-02-13-29-10.png) (https://ibb.co/RvR9nPq)

My problem:
The traffic, e.g. 80/443, arrives on my OPNsense. For example, I can access the web UI of OPNsense for test purposes from the public IP by forwarding 80/443. But now when I create a NAT rule which should forward the traffic from the OPNsense to a VM with an nginx web server, this does not work and I have no idea why not. Of course I changed the OPNsense port from 443 to 441.

I proceed as follows:
I create a NAT rule:
Interface: OPT1 (WG)
Destination: OPT 1 net
Connection range: 80/443 to 80/443
Redirected destination IP: 192.168.1.103
Redirected carry port 80/443
NAT reflection: activate

Log:
(https://i.ibb.co/jLcYmHN/Screenshot-from-2024-01-02-13-12-26.png) (https://ibb.co/khRTjM7)

Do I have a fundamental misconception here? Maybe one of you has an idea what I am doing wrong here. What else do you think about the construction of my network, do you think this is a secure approach or do you have any suggestions for optimization?

Thank you in advance.

best regards meni
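Added example (editor's addition, not code from the poster and not an OPNsense project file): the VPS side of the setup above, i.e. the piece that "sends the required ports directly to the opnsense". It prints a WireGuard listener config and the iptables rules that DNAT inbound TCP 80/443 into the tunnel, and refuses to forward the VPS's own SSH port so you cannot lock yourself out. All addresses, interface names and ports (eth0, 10.10.10.1/2, 51820, 22) are assumptions for the example, as is the use of iptables rather than nftables.

```shell
#!/bin/sh
# VPS side of a CGNAT bypass: WireGuard listener plus iptables rules that hand
# inbound TCP 80/443 to OPNsense over the tunnel. Every address, interface
# name and port below is an assumption for this example, not from the thread.

VPS_PUB_IF=eth0            # VPS interface that holds the public IP
VPS_WG_IP=10.10.10.1       # VPS end of the tunnel
OPN_WG_IP=10.10.10.2       # OPNsense end (its OPT1 / WG interface address)
WG_PORT=51820              # UDP port the VPS listens on
SSH_PORT=22                # the VPS's own SSH port
FORWARD_PORTS="80 443"     # TCP ports to hand to OPNsense

# Refuse to forward ports the VPS itself depends on: a DNAT of the SSH port
# locks you out of the VPS, and the WireGuard port is kept off the list so
# it is never forwarded by mistake if the rules are later extended to UDP.
check_ports() {
  for p in $1; do
    case "$p" in
      "$SSH_PORT"|"$WG_PORT")
        echo "refusing to forward port $p: it is used by the VPS itself" >&2
        return 1 ;;
    esac
    [ "$p" -ge 1 ] 2>/dev/null && [ "$p" -le 65535 ] || {
      echo "bad port: $p" >&2; return 1; }
  done
  return 0
}

# Print (default) or apply the forwarding rules. Run "nat_rules apply" as
# root on the VPS once the tunnel is up; without an argument it only prints.
nat_rules() {
  mode=${1:-print}
  check_ports "$FORWARD_PORTS" || return 1
  emit() { if [ "$mode" = apply ]; then "$@"; else echo "$*"; fi; }
  emit sysctl -w net.ipv4.ip_forward=1
  for p in $FORWARD_PORTS; do
    # Inbound on the public interface: rewrite the destination to OPNsense.
    emit iptables -t nat -A PREROUTING -i "$VPS_PUB_IF" -p tcp --dport "$p" \
      -j DNAT --to-destination "$OPN_WG_IP:$p"
    # Let the rewritten packet cross from the public interface into the tunnel.
    emit iptables -A FORWARD -i "$VPS_PUB_IF" -o wg0 -p tcp -d "$OPN_WG_IP" \
      --dport "$p" -j ACCEPT
  done
  # Replies coming back out of the tunnel.
  emit iptables -A FORWARD -i wg0 -o "$VPS_PUB_IF" \
    -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Source-NAT forwarded flows to the VPS tunnel address so OPNsense's replies
  # are routed back into the tunnel instead of out of its CGNAT WAN.
  emit iptables -t nat -A POSTROUTING -o wg0 -d "$OPN_WG_IP" -j MASQUERADE
}

# /etc/wireguard/wg0.conf for the VPS. No Endpoint is set for the peer:
# OPNsense sits behind CGNAT, so it must initiate the tunnel and keep the
# NAT mapping alive with PersistentKeepalive on its own peer entry.
vps_wg_conf() {
  cat <<EOF
[Interface]
Address = $VPS_WG_IP/24
ListenPort = $WG_PORT
PrivateKey = <vps-private-key>

[Peer]
# public key shown on the OPNsense WireGuard instance page
PublicKey = <opnsense-public-key>
AllowedIPs = $OPN_WG_IP/32
EOF
}

# Stand-alone run: print the config and the rules without touching the system.
vps_wg_conf
echo
nat_rules
```

Two caveats on the OPNsense end. The port forward on the WG interface still needs a matching pass rule there (the port-forward form's "Filter rule association" setting creates one for you). And because the VPS masquerades, nginx will log 10.10.10.1 as the client for every request; if you need real client addresses, drop the MASQUERADE line and instead give the WG interface on OPNsense a gateway, so pf's reply-to sends the answers back through the tunnel rather than via the CGNAT WAN.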
Title: Re: VPS Wireguard + NAT forwarding
Post by: meni1234 on January 02, 2024, 01:57:14 PM
Holy shit, I found the solution: I had an old wg0 interface on my VM with the web server. I think this was blocking the forwarding? But how? I have now removed WireGuard from my VM (192.168.1.103) and everything works perfectly now. That's crazy, I was searching for days for the issue; I think I need a short break XD.

Then I have another question: how can I best enable access to the VMs via SSH from my host (192.168.8.2)? So far this is not possible. Do you have any other suggestions for improving my setup?
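Added diagnostic (editor's addition, not from the poster): one common way a leftover wg0 on the target VM breaks a forward like this is not on the inbound side at all. The DNAT'd packet reaches nginx, but the VM's reply is routed by the VM's own table, and a stale tunnel route (the old tunnel subnet, or the 0.0.0.0/1 and 128.0.0.0/1 halves a full-tunnel client installs) wins the longest-prefix match and swallows the reply. The script below implements that lookup in plain shell over text in `ip route show` format, so it can be run against a saved table. The routing tables and addresses (192.168.1.x, 10.10.10.x, 203.0.113.5) are constructed for the example and are assumptions about the poster's setup.

```shell
#!/bin/sh
# Pure-shell longest-prefix match over `ip route show` text, used to check
# which interface a VM's reply would leave through. Sample tables and all
# addresses are constructed for this example.

# Dotted quad -> 32-bit integer (runs in a subshell so IFS is not clobbered).
ip2int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_prefix NET/LEN ADDR -> true when ADDR falls inside NET/LEN.
in_prefix() {
  p_net=${1%/*}; p_len=${1#*/}
  [ "$p_len" -eq 0 ] && return 0
  p_mask=$(( (4294967295 << (32 - p_len)) & 4294967295 ))
  [ $(( $(ip2int "$p_net") & p_mask )) -eq $(( $(ip2int "$2") & p_mask )) ]
}

# egress_iface "ROUTES" DEST -> device of the longest matching prefix,
# or "none" when nothing matches (no default route).
egress_iface() {
  best_len=-1; best_dev=none
  while read -r first rest; do
    [ -z "$first" ] && continue
    case "$first" in
      default) prefix=0.0.0.0/0 ;;
      */*)     prefix=$first ;;
      *)       prefix=$first/32 ;;   # host route printed without /32
    esac
    plen=${prefix#*/}
    # the device is the token that follows "dev"
    dev=none; prev=
    for tok in $rest; do
      [ "$prev" = dev ] && dev=$tok
      prev=$tok
    done
    if in_prefix "$prefix" "$2" && [ "$plen" -gt "$best_len" ]; then
      best_len=$plen; best_dev=$dev
    fi
  done <<EOF
$1
EOF
  echo "$best_dev"
}

# Constructed `ip route show` output of the web VM (192.168.1.103) while an
# old WireGuard client was still up: a full-tunnel client splits the default
# into two /1 halves, and the VM still knows the tunnel subnet the VPS uses.
VM_ROUTES_STALE='default via 192.168.1.1 dev eth0 proto static
0.0.0.0/1 dev wg0 scope link
128.0.0.0/1 dev wg0 scope link
10.10.10.0/24 dev wg0 proto kernel scope link src 10.10.10.7
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.103'

# The same VM after wg0 was removed: OPNsense (192.168.1.1) is the only exit.
VM_ROUTES_CLEAN='default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.103'

# reply_path_check "ROUTES" REPLY_DST LAN_IF -> "ok" or "hijacked by <dev>".
# REPLY_DST is where the VM's replies go: the VPS tunnel address when the VPS
# masquerades forwarded flows, or the client's public IP when it does not.
reply_path_check() {
  out_dev=$(egress_iface "$1" "$2")
  if [ "$out_dev" = "$3" ]; then echo ok; else echo "hijacked by $out_dev"; fi
}

# Stand-alone run: both reply destinations, before and after removing wg0.
for dst in 10.10.10.1 203.0.113.5; do
  echo "stale wg0, reply to $dst: $(reply_path_check "$VM_ROUTES_STALE" "$dst" eth0)"
  echo "clean,     reply to $dst: $(reply_path_check "$VM_ROUTES_CLEAN" "$dst" eth0)"
done
```

On a real VM, feed it `ip route show` and also look at `ip rule` and `ip route show table all`: wg-quick normally puts its full-tunnel routes in a separate table selected by a policy rule, so the main table alone can look clean while replies still vanish into the tunnel. The same check applies to the SSH question above: a VM that cannot be reached from 192.168.8.2 may well be receiving the SYN and sending the SYN-ACK out of the wrong interface.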
Title: Re: VPS Wireguard + NAT forwarding
Post by: nikosfilippos on December 17, 2024, 12:09:23 AM
Hi meni1234, can you please give a configuration example of how you connected OPNsense with the VPS?