Messages

1

General Discussion / Re: Please Make a Donation to OPNsense

« on: March 12, 2021, 08:11:12 am »

great idea, also put up a 3€/month donation instead of doing one time donation like in the past. Been using opnsense for 1 1/2 years now, on my radar for longer thank you for such a great product!

2

21.1 Legacy Series / Re: WireGaurd Public IP traffic replying out of wrong WAN.

« on: February 19, 2021, 12:42:25 pm »

Issue is the same with GRE Tunnel. It seems to be with all virtual Interfaces.

3

21.1 Legacy Series / Re: WireGaurd Public IP traffic replying out of wrong WAN.

« on: February 17, 2021, 09:07:26 am »

i have been on this problem for a while now and its one big reason i cannot sunset two of our commercial firewalls at work (yet) and switch them over to opnsense because i need to route public v4s from a datacenter to a server.

4

Hardware and Performance / Re: OpnSense on Sophos SG series

« on: March 23, 2020, 08:42:00 pm »

@Maestro86: Thank you so much!!! this worked!

5

20.1 Legacy Series / Re: Public IP range via a tunnel

« on: March 15, 2020, 08:11:30 pm »

so one thing i found out;

if you set virtual IPs to the GRE and set the gateway as the Remote's Endpoints IPv4 Adress (in my case WAN of a mikrotik router worked), you can use the Virtual IPs for TCP, ICMP does not seem to work (working on that next)

6

20.1 Legacy Series / Re: Public IP range via a tunnel

« on: March 15, 2020, 05:15:34 pm »

problem seems to be the same as this:

https://github.com/opnsense/core/issues/3783

7

20.1 Legacy Series / Re: Public IP range via a tunnel

« on: March 15, 2020, 11:15:12 am »

so what i got working:

I can setup a Tunnel over GRE with a Gateway (Upstream). With firewall rules (and outgoing nat) i can set specific LAN Clients to use that GRE Gateway which works fine! DNAT to internal Target works, even to the Firewalls own Interface IP Adresses!

what does not work:
I cannot ping the public ipv4 GRE Interface address from the internet. SSH, Webadmin and HAProxy is not useable for the routed IPv4.

it seems the only problem left is the inability for opnsense itself using the GRE Interface IPv4 for its own services.

8

20.1 Legacy Series / Re: Public IP range via a tunnel

« on: March 13, 2020, 09:40:28 pm »

Offering 50€ Bounty to a solution where i can tunnel IPv4 (or IPv4 Subnet) via Opnsense and Tunnel (GRE, OpenVPN Wireguard or IPSec) from Location A to Location B (i.e. Datacenter to Home/Company). Solution must include Screenshots and working examples. Bounty can be paid directly as donation to opnsense project or to the one who finds and shares a full solution/tutorial (put too many hours into this and its probably a tiny problem ...)

9

20.1 Legacy Series / Re: Public IP range via a tunnel

« on: March 12, 2020, 02:06:58 pm »

thanks, i will try that!

if by any chance you could share some screenshots, i would much appreciate it!

Edit: Can't get it to work, Traffic only comes in, but doesn't get out ...

10

Hardware and Performance / Re: OpnSense on Sophos SG series

« on: March 09, 2020, 10:12:36 am »

Installed latest opnsense on a SG230 (rev1) this weekend. Works without a problem. What i cannot get to work is the LCD Display in Front, still saying its a Sophos ;-)

11

20.1 Legacy Series / Re: Public IP range via a tunnel

« on: March 09, 2020, 10:05:17 am »

i have played around with this again yesterday and did some captures. When pinging from outside i can see the echo requests reaching the opnsense firewall. What i cannot see is any kind of response going on, neither on the GRE or the phys. WAN connection. It seems as if the Firewall just ignores these. Also a HAproxy does not yield any response either (was worth the try)

12

20.1 Legacy Series / Re: Return traffic for VPN going out over default gw instead of the VPN.

« on: March 08, 2020, 11:56:02 am »

so i am getting grey hair over this setting up just a GRE tunnel :-)

What IPs do you give the GRE Tunnel - and what IPs the GRE Interface itself? Do you use only public IPv4, do you use private IPv4s on the GRE Tunnel and the public v4 on the GRE Interface? Some example screenshots/setup would be much appreciated! :-) Thank you!

13

20.1 Legacy Series / Re: Return traffic for VPN going out over default gw instead of the VPN.

« on: March 07, 2020, 11:53:07 pm »

i wonder if this is simply a missing Gateway setting that would also set the reply-to for that interface. I tried "playing around" with that without any success.

thanks for keeping us posted!

14

20.1 Legacy Series / Re: Public IP range via a tunnel

« on: March 07, 2020, 09:20:34 am »

Did you add any NAT rule? Also would be interested in that Rule you have now that makes it work.
Did you configure Gateways?

Does it still work after reboot? :-)

15

20.1 Legacy Series / Re: Return traffic for VPN going out over default gw instead of the VPN.

« on: March 06, 2020, 04:30:27 pm »

ferryvanaesch: i remember something i found out when i tested. Say you are accessing from a VPS with IP a.b.c.d - set a static route for a.b.c.d/32 via your remote GRE tunnel IP (gateway). It will work, so what is missing, is the default route for the GRE. Since it is not working even when setting up multiwan, i wonder if it is a bug.