Messages - overopn

#1
I tried pfSense and faced the same issue. I worked with an experienced pfSense guy and determined it is a bug with pfSense; it does not happen with the old pfSense 2.3.

Seems OPNsense has this bug too, since they share the same code base?

https://forum.netgate.com/topic/131765/nat-problem-with-rtcp-server

#2
Actually I spoke too soon. It was working yesterday in UDP mode, but this morning it does not work. I rebooted the firewall and everything to confirm again, and it works on TCP, and not UDP. I started a new thread on it.

https://forum.opnsense.org/index.php?topic=8825.0
#3
Hi, I have an RTSP server in my LAN. I can connect to it fine with TCP but not with UDP. I understand there is a source port rewrite which I must disable; however, that is not working.

When I do a packet capture on WAN, I can see the TCP part going back but the UDP packets are going to a different (and wrong?) port.

#4
Thanks for replying. I have another deployment using iptables, where I could do this fine.

Btw, I posted to the wrong category, how can I move it?
#5
Hi, I'm running an RTSP server behind NAT. I find that using the same ports 554, it works, but if I set the incoming ports to a different one, it does not work. Is that supposed to be so?

#6
I've set up and opened the firewalls following this OPNsense guide:

https://docs.opnsense.org/manual/how-tos/ipsec-road.html

For the tunnel setup I followed this pfSense guide. This guide works when I set it up on pfSense.

https://forum.pfsense.org/index.php?topic=127457.0

Mobile Client Phase 1
Key Exchange version V2

Phase 1 proposal
EAP-MSCHAPV2
My Identifier (Tried various settings, My IP Address, IPAddress,

I'm using Windows 7 to connect and imported the CA cert fine, but I cannot connect. The log shows:

Apr 29 14:38:16   charon: 14[NET] sending packet: from 192.168.1.239[500] to 192.168.1.99[500] (36 bytes)
Apr 29 14:38:16   charon: 14[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Apr 29 14:38:16   charon: 14[IKE] received proposals inacceptable
Apr 29 14:38:16   charon: 14[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256
Apr 29 14:38:16   charon: 14[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
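
Editor's added example (not part of the post above and not OPNsense or strongSwan code): a small Python parser that compares the `configured proposals` and `received proposals` lines of a charon log and reports which transform type has no value in common. The function names and the prefix-based classification of transform names are assumptions made for this example; on the two `[CFG]` lines quoted above it reports the DH group, since the server is configured for MODP_2048_256 and every received proposal offers MODP_1024.

```python
import re

# The two [CFG] lines from the charon log quoted in the post above.
LOG = """\
Apr 29 14:38:16   charon: 14[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256
Apr 29 14:38:16   charon: 14[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
"""

LINE_RE = re.compile(r"\[CFG\] (configured|received) proposals: (.*)$", re.M)
TYPES = ("encryption", "integrity", "prf", "dh")

def transform_type(name):
    """Classify a transform by name prefix (assumption: enough for the names in this log)."""
    if name.startswith("PRF_"):          # must be tested before HMAC_
        return "prf"
    if name.startswith(("MODP_", "ECP_", "CURVE_")):
        return "dh"
    if name.startswith("HMAC_"):
        return "integrity"
    return "encryption"

def parse_proposals(text):
    """Return {'configured': [...], 'received': [...]}; each proposal is {type: set(names)}."""
    out = {"configured": [], "received": []}
    for m in LINE_RE.finditer(text):
        for prop in m.group(2).split(","):
            proto, _, transforms = prop.strip().partition(":")
            if proto != "IKE" or not transforms:
                continue
            parsed = {}
            for name in transforms.split("/"):
                parsed.setdefault(transform_type(name), set()).add(name)
            out[m.group(1)].append(parsed)
    return out

def blocking_types(proposals):
    """Transform types for which no received value matches any configured value."""
    def pool(side, t):
        return set().union(*(p.get(t, set()) for p in proposals[side]))
    return [t for t in TYPES if not pool("configured", t) & pool("received", t)]

def closest_offer(proposals):
    """Received proposal differing from the first configured one in the fewest types."""
    want = proposals["configured"][0]
    def diff(p):
        return [t for t in want if not want[t] & p.get(t, set())]
    best = min(proposals["received"], key=lambda p: len(diff(p)))
    return best, diff(best)
```

When the only blocking type is `dh`, the two ends have to agree on a DH group before IKE_SA_INIT can succeed; MODP_1024 is the weaker of the two groups seen here.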

#7
I need to manually add a NAT outbound rule to any to get it to work. The auto-generated rule does not allow it.
#8
It's behind another router. Nope, "Block private network" is unchecked.

The same setup works fine with a pfSense VM, and both are fresh setups. I configured it the same way as pfSense.
#9
18.1 Legacy Series / Cannot access internet from LAN
April 23, 2018, 01:42:54 PM
Hi, this is a new setup running on a VM (XenServer) with 2 NICs.

I have set up one for WAN, one for LAN. From my LAN, I'm unable to access the internet (ping 8.8.8.8 fails).

I have the same setup running a fresh install of pfSense and have a similar problem. I needed to add a firewall LAN rule to LAN net to access to get it working on pfSense.

pfsensefirewall.jpg

I see OPNsense has set up that rule automatically (nice), but the firewall log shows it passes (e.g. 10.0.0X)

opnsense1.jpg
opnsense2.jpg
opnsense3.jpg
#10
Hi,

I'm new to OPNsense. I want to have one public IP, listening on port 554, which is served to multiple internal NAT VMs. With port 80 we can use HAProxy, and that is easy, but my VMs are serving RTSP video on port 554, so there is a TCP handshake followed by outbound UDP to port 554.

Something like this; is that doable with OPNsense?

https://raymii.org/s/tutorials/Proxmox_VE_One_Public_IP.html