Messages - aniwon

1
17.7 Legacy Series / Re: Intrusion Detection abuse.ch
« on: October 17, 2017, 09:35:27 am »
Do you have an interface assigned in the Intrusion Detection settings which is a VLAN-interface?

They don't work well and increase firewall load by a lot - thus decreasing throughput performance.

Keep in mind that tweaking ID-settings with a VLAN interface might crash the firewall.

2
17.1 Legacy Series / Re: IPSec with NAT not working
« on: June 20, 2017, 07:23:13 pm »
I've probably found the problem. There seems to be a general issue with IPsec and NAT.

https://github.com/opnsense/core/issues/440

So there are two dirty solutions for me then:
* Negotiate another VPN solution with the customer, or suggest different settings the customer might be uncomfortable with (or we as well)
* Use the SonicWall again just for the IPsec tunnel

3
17.1 Legacy Series / IPSec with NAT not working
« on: June 19, 2017, 05:40:13 pm »
Hi,

we've migrated successfully from a SonicWall to an OPNsense box and almost everything works as expected.

There is just one problem: We have an IPSec tunnel to a customer which requires a /32-address on our site to be NATed to their /24-Network. We connect to a different local network on their site.

The required /32-address is configured as a virtual IP.

When I set this up - Phase 2 Local Network is our LAN Subnet, NAT address is the required /32-address - I can't connect to the other endpoint. Upon calling the customer and inspecting the log, he's telling me that we come in with the wrong IP and a /24-Subnet.

When I enter the required /32-address in the Phase 2 Local Network and disable NAT the IPSec tunnel connects successfully.

But I haven't found a way to route our LAN over the established tunnel.

Am I missing something?

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved