OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: romainp on June 21, 2021, 04:58:53 pm

Title: Help needed on debugging nat issues / switch from pfsense
Post by: romainp on June 21, 2021, 04:58:53 pm
Hi all!
So, I have been a pfsense user for several years now. I guess that some of you, for various reasons, have decided to give opnsense a try, just like me. So far, I really like what I see; it's not perfect and still has some rough edges in some places, but I am really pleased so far by what I see.
I use pfsense on a quotom box which works great, using some vlans, and a pppoe connection. I have an internal openvpn server to remotely connect to my network, 2 vpn sessions (1 to airvpn and the other to my brother's network). Everything is working fine with PS except the port forward on wan but just note this now.
So in my proxmox server, I started to create a vm for opnsense and replicate pretty much the same config (including suricata, mds responder, that kind of stuff). All went well, but for my wan on the test vm, I had to use a dhcp address from the pfsense box. But anyway, it works, even the airvpn port forward this time. Very happy so far.
I took a backup from my lab when I felt the config was the same as the pfsense one, then formatted my quotom router, installed opnsense and restored the backup.

Now the issues:
- Since my wan was dhcp on lab and now pppoe on prod, I had to reconfigure the wan interface, which seems to have broken the port forward on airvpn. However I try to reconfigure it, it's not working now.
- My GF uses a zscaler / office365 setup for work. Basically, Office365 does not need any vpn connection to work, and zscaler is used for other internal stuff. It works fine with pfsense. But with opnsense, as soon as zscaler connects, office365 is not connecting anymore. Whatever I tried.

I have tried what my knowledge of routers/firewalls/networks allows me to check, but I was not able to fix those issues.
My goal with this post is to get some help in order to pinpoint what the issues could be, find a way to fix them and then really switch to opnsense.
So I have created a test environment using opnsense, not in a vm this time but on a real server that will work in parallel with pfsense (GF does not like my testing with new firewalls so much :) ).
Now, I can give more details or execute any commands that you tell me to, so I can fix my 2 issues and switch to opnsense for good.

I count on you all to achieve this goal. Thanks again for any good comments.
Title: Re: Help needed on debugging nat issues / switch from pfsense
Post by: thogru on June 21, 2021, 06:38:02 pm
Hi romainp,

If you want to use the "same" configuration in your lab and your production, you should consider using interface groups even for single interfaces, as discussed here (https://forum.opnsense.org/index.php?topic=23251.0). In such a configuration you can change the interface without touching the forward and firewall rules at all.

Kind Regards,
Thomas