OPNsense Forum

English Forums => Virtual private networks => Topic started by: ChrisVH1982 on September 15, 2021, 09:59:26 am

Title: Tunnel ports from public server through OPNsense to host
Post by: ChrisVH1982 on September 15, 2021, 09:59:26 am
Hello,

Since I changed my ISP, I no longer have direct access to my home network because of IPv6. To solve this problem, I got myself an IONOS VPS-S server with an IPv4 address, which I would like to connect to OPNsense and forward needed ports like HTTP to my systems.
I have to admit that I am an absolute beginner when it comes to OPNsense, so please bear with me. The IONOS server with its IPv4 address is in place and the OPNsense firewall is prepared and available on my network. Can someone briefly explain to me the steps needed to set up a tunnel between the two and forward, for example, port 80 from the IONOS server to OPNsense? I have read about autossh from OPNsense to the IONOS server, but also WireGuard and OpenVPN... What is the best and "easiest" way?


Title: Re: Tunnel ports from public server through OPNsense to host
Post by: Greelan on September 15, 2021, 10:15:38 am
"I no longer have direct access to my home network because of IPv6."
What do you mean by this?
Title: Re: Tunnel ports from public server through OPNsense to host
Post by: ChrisVH1982 on September 15, 2021, 10:20:57 am
I have DS-Lite so the IPv4 I am receiving from my ISP is not usable and I won't switch everything to IPv4. Therefore I require an alternative entry point such as a public server with its IPv4 address.
Title: Re: Tunnel ports from public server through OPNsense to host
Post by: Greelan on September 15, 2021, 10:26:46 am
I guess you could create a site-to-site VPN and then configure fw rules on the public server to forward or proxy specific traffic to the backend services through the tunnel.
Title: Re: Tunnel ports from public server through OPNsense to host
Post by: ChrisVH1982 on September 15, 2021, 10:31:56 am
So e.g. use OpenVPN (or better WireGuard?) to connect from OPNsense to the IONOS server running CentOS?
Can I forward ports from the IONOS server through the tunnel or do I need to get these somehow from OPNsense?
Title: Re: Tunnel ports from public server through OPNsense to host
Post by: Greelan on September 15, 2021, 11:10:16 am
Something like that. You should be able to port forward, though if using WG take note of this (https://github.com/opnsense/core/issues/4389#issuecomment-865349224)

The alternative for a website is to set up a reverse proxy on your public server to proxy to the local webserver
Title: Re: Tunnel ports from public server through OPNsense to host
Post by: ChrisVH1982 on September 15, 2021, 11:28:44 am
To be honest, I was hoping to get directions to a step-by-step guide from somebody who's facing the same issue. I am not the first one facing this issue.

Like...
1. Install WireGuard / OpenVPN
2. Set up WireGuard / OpenVPN like this...
3. Install counterpart on public server
4. Configure counterpart server
5. Establish the tunnel
6. Forward port XYZ like this...
Title: Re: Tunnel ports from public server through OPNsense to host
Post by: Greelan on September 15, 2021, 11:38:54 am
Someone who has implemented something like it might weigh in. Otherwise there is always Google. The first hit I found was https://reposhub.com/python/security/mochman-Bypass_CGNAT.html
Title: Re: Tunnel ports from public server through OPNsense to host
Post by: ChrisVH1982 on September 15, 2021, 11:57:49 am
Thanks for the link. Google can't help when you are missing the right keywords.