OPNsense Forum
English Forums => Virtual private networks => Topic started by: blucobalt on January 09, 2023, 05:51:11 pm
-
I am trying to set up my network so that I can access my network's local services from a public vps with a static IP.
Here is a diagram of what I'm trying to accomplish:
x.x.x.x is the static ip of the vps
z.z.z.z is the ip of whatever is running the local service i want accessible from outside
┌──────────────────────┐          ┌───────────┐               ┌──────────────────────┐          ┌───────────────────┐
│ local network        │          │ local     │   internet    │ vps with static ip,  │          │                   │
│ 10.70.0.0/24         ├─────────►│ opnsense  ├──────────────►│ runs latest          ├─────────►│ public internet   │
│ x.x.x.x:y->z.z.z.z:y │          │ firewall  │  [wg or zt]   │ opnsense             │          │ x.x.x.x:y         │
│                      │          │           │               │                      │          │                   │
└──────────────────────┘          └───────────┘               └──────────────────────┘          └───────────────────┘
I was able to get the firewalls talking to each other over both WireGuard and ZeroTier, but my port forwards don't work, due to (I think) the way the (source?) NAT is configured. How can I set this up? Thank you.
-
When I set up a port forward on the VPS to point to an IP behind the local firewall, I can check the logs and see that the packets are reaching the destination. I confirmed this with UDP netcat. If I try going back the other way though, with TCP, it looks like the packets get lost between the destination and the local firewall. What should I do?
-
Looks like you have asymmetric routing, e.g. return traffic from the 10.70.0.0 network goes through your OPNsense default gateway instead of the tunnel it originated from.
Try setting the 'reply-to' field of your pass rule on that tunnel interface to your tunnel gateway.
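What the reply-to fix looks like at the pf level, as an added illustration (not a rule set from either poster or from OPNsense itself): two fragments, one per firewall, using the post's placeholders x.x.x.x, z.z.z.z and y. The interface names vtnet0 and wg0 and the tunnel address 10.200.0.1 are assumptions.

```pf
# ===== Fragment 1: VPS OPNsense (public side) =====
# Assumed: WAN interface vtnet0, tunnel interface wg0 (not from the post).
ext_if   = "vtnet0"
tun_if   = "wg0"
vps_ip   = "x.x.x.x"   # static VPS IP, placeholder from the post
svc_ip   = "z.z.z.z"   # LAN host behind the local firewall, placeholder from the post
svc_port = "y"         # forwarded port, placeholder from the post

# Port forward x.x.x.x:y -> z.z.z.z:y, then allow the forwarded flow in on
# WAN and out through the tunnel. The state created here already returns
# replies to the WAN client, so the VPS side needs no reply-to.
rdr on $ext_if proto tcp from any to $vps_ip port $svc_port -> $svc_ip port $svc_port
pass in  on $ext_if proto tcp from any to $svc_ip port $svc_port keep state
pass out on $tun_if proto tcp from any to $svc_ip port $svc_port keep state

# ===== Fragment 2: local OPNsense (behind the tunnel) =====
# Assumed: tunnel interface wg0, VPS tunnel address 10.200.0.1 (constructed)
# acting as the gateway for replies.
tun_if   = "wg0"
tun_gw   = "10.200.0.1"
svc_ip   = "z.z.z.z"
svc_port = "y"

# BEFORE (asymmetric): the state is created on wg0, but the LAN host's reply
# is routed by the normal routing table, i.e. out the default gateway on WAN,
# so the TCP handshake never completes from the VPS's point of view.
#   pass in on $tun_if proto tcp from any to $svc_ip port $svc_port keep state

# AFTER: reply-to pins the return path of packets matching this state to the
# tunnel interface and the VPS tunnel address, so replies go back the way
# the request came in regardless of the default route.
pass in on $tun_if reply-to ($tun_if $tun_gw) proto tcp from any to $svc_ip port $svc_port keep state
```

In the OPNsense GUI the same thing is the "reply-to" gateway setting under the pass rule's advanced options; the state table (Firewall > Diagnostics > States) should then show the forwarded flow on the tunnel interface rather than on WAN.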