OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: theodorissirogiannis on March 31, 2024, 08:32:17 AM

Title: Firewall Rules Being Ignored
Post by: theodorissirogiannis on March 31, 2024, 08:32:17 AM
Hello,

I've got a home lab running on ESXi which houses OPNsense that has the following interfaces.
WAN - 10.10.100.11/24 - Which is the home router subnet; I have an ISP router that PFW traffic to OPNsense WAN (it's not on a DMZ setup).
VLAN 101-108 & 254 - 10.11.VLANX.1 - These are the VLAN subnets which get tagged from the ESXi virtual switch.
OpenVPN - 10.11.253.1 - This is the OpenVPN subnet that clients get addresses assigned from.

As seen from the attachment I've enabled logging for all the "Deny All" rules associated with each interface.
I'm trying to access the ESX Server from inside the VPN; the OpenVPN rules seem to work fine, and they are forwarding the traffic correctly to the ESX Server with an IP of 10.10.100.10, but the HTTPS packets get dropped.
I've disabled the bogon and private network rules from the WAN interface and the rules should be getting matched on a first match basis, but contrary to how they should apply they seem to just breeze past the allow HTTP & HTTPS rules even though they should be matching.
I'm trying to switch from pfSense to OPNsense and this exact configuration worked perfectly on pfSense but it just doesn't work on OPNsense.
From what I've tried to find, there might be some issue with VLAN tagging perhaps? But if there were issues with VLAN tagging then it shouldn't have worked on pfSense either.
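Since the poster already has logging enabled on every "Deny All" rule, the fastest way to see why HTTPS to 10.10.100.10 is dropped is to read the filterlog output and check which interface and which rule actually matched the packet. The script below is an added example, not code from the thread or from the OPNsense project: it parses pf filterlog lines and summarises blocked packets by interface, rule id, destination and port. The CSV field layout it assumes (rule number, sub-rule, anchor, rule id, interface, reason, action, direction, IP version, then the IPv4 header fields, then source/destination ports for TCP and UDP) is my understanding of the OPNsense 24.x format; verify the positions against /var/log/filter on your own box. The log lines, interface names (vmx0, ovpns1) and rule ids are constructed for the example.

```python
"""Summarise OPNsense/pf 'filterlog' lines to find which rule blocked traffic.

Added example, not from the forum thread. The field layout below is an
assumption about the OPNsense 24.x filterlog CSV format; check it against
your own /var/log/filter before relying on the column positions.
"""
import csv
import re
from collections import Counter

# Constructed sample lines (not captured from the poster's firewall):
# a VPN client 10.11.253.2 reaching the ESXi host 10.10.100.10.
# HTTP is passed on the OpenVPN interface; HTTPS is blocked on a
# different interface by a rule with id "deadbeef".
SAMPLE_LOG = """\
Mar 31 08:30:01 opnsense filterlog[12345]: 62,,,a1b2c3d4,ovpns1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,10.11.253.2,10.10.100.10,51002,80,0,S,1,,65535,,mss
Mar 31 08:30:02 opnsense filterlog[12345]: 71,,,deadbeef,vmx0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,10.11.253.2,10.10.100.10,51003,443,0,S,2,,65535,,mss
Mar 31 08:30:04 opnsense filterlog[12345]: 71,,,deadbeef,vmx0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,10.11.253.2,10.10.100.10,51003,443,0,S,2,,65535,,mss
Mar 31 08:30:05 opnsense filterlog[12345]: 71,,,deadbeef,vmx0,match,block,in,4,0x0,,64,0,0,,17,udp,78,10.11.253.2,10.10.100.10,51004,53,58
"""

# Everything after "filterlog[<pid>]: " is the CSV payload.
LINE_RE = re.compile(r"filterlog\[\d+\]:\s*(?P<csv>.*)$")

# Assumed column names for the common prefix plus the IPv4 header part.
IP4_HEADER = [
    "rulenr", "subrulenr", "anchor", "rid", "iface", "reason", "action",
    "dir", "ipver", "tos", "ecn", "ttl", "id", "offset", "ipflags",
    "protonum", "proto", "length", "src", "dst",
]


def parse_line(line):
    """Return a dict for one IPv4 filterlog line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = next(csv.reader([m.group("csv")]))
    # Field 8 is the IP version; this example only handles IPv4.
    if len(fields) < len(IP4_HEADER) or fields[8] != "4":
        return None
    rec = dict(zip(IP4_HEADER, fields))
    rest = fields[len(IP4_HEADER):]
    # For TCP and UDP the next two fields are source and destination port.
    if rec["proto"] in ("tcp", "udp") and len(rest) >= 2:
        rec["sport"], rec["dport"] = rest[0], rest[1]
    else:
        rec["sport"] = rec["dport"] = ""
    return rec


def parse_log(text):
    """Parse every recognisable line in a block of filterlog text."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def blocked_summary(records):
    """Count blocked packets by (interface, rule id, dst, proto, dst port).

    The interface column tells you which interface's rule set the packet
    was evaluated on, which is usually the first thing to check when a
    pass rule on another interface 'should' have matched.
    """
    counts = Counter()
    for r in records:
        if r["action"] == "block":
            counts[(r["iface"], r["rid"], r["dst"], r["proto"], r["dport"])] += 1
    return counts


def find_blocks_to(records, dst, dport):
    """Return the block records for one destination host and port."""
    return [r for r in records
            if r["action"] == "block" and r["dst"] == dst and r["dport"] == dport]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for key, n in blocked_summary(recs).most_common():
        iface, rid, dst, proto, dport = key
        print(f"{n:4d} blocked  iface={iface} rule={rid} {proto} -> {dst}:{dport}")
    for r in find_blocks_to(recs, "10.10.100.10", "443"):
        print("HTTPS block on", r["iface"], "by rule", r["rid"], "from", r["src"])
```

Run it against `clog /var/log/filter/latest.log` output (or the contents of that file) instead of `SAMPLE_LOG`; the rule id column can then be matched to the rule in Firewall > Log Files > Live View. In the constructed sample the HTTPS drops show up on `vmx0` under rule `deadbeef`, not on the OpenVPN interface, which is the kind of result that points at the rule set on the wrong interface rather than at VLAN tagging.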
Title: Re: Firewall Rules Being Ignored
Post by: Bob.Dig on March 31, 2024, 11:40:27 AM
Quote from: theodorissirogiannis on March 31, 2024, 08:32:17 AM
I'm trying to switch from pfSense to OPNsense and this exact configuration worked perfectly on pfSense but it just doesn't work on OPNsense.
Why are you switching then? To open DNS on the WAN looks like a horrible idea to me in any case.
Title: Re: Firewall Rules Being Ignored
Post by: theodorissirogiannis on April 01, 2024, 05:22:09 PM
I just want to try something new on the open source front, and from what I could gather you can support TOTP, NextGen Firewall capabilities, Nginx proxy setups and more (not that you can't probably support the same on pfSense too).

Regarding the issue though, I'll take my statement about the VLANs back: since I am not doing the tagging from ESXi it shouldn't change the outcome inside OPNsense, since traffic is coming from 10.10.100.X and is ending up on the 10.11.253.X subnet which is occupied by the OpenVPN server.
Title: Re: Firewall Rules Being Ignored
Post by: theodorissirogiannis on April 01, 2024, 08:04:59 PM
After finding this recent issue I ran the wizard again and the issue seems to have been resolved?
I just pressed next, next on the wizard and I now have access normally even though I didn't change any firewall rules.
My gateway was "Online" before I tried to run the wizard and I didn't change any settings compared to the other post. Everything was already configured, DNS, Gateways etc.

Related Post --> https://forum.opnsense.org/index.php?topic=39189.0