"
Resolved, the problem was the MTU of 1400 for the vSwitch that's need to be set at VM level, leaving the default (1500) on the virtual nic at hypervisor level
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
22.1 Legacy Series / Re: OPN on Hetzner vSwitch w/public subnet, natted VMs can't browse internet
July 26, 2022, 05:21:09 PM #2
22.1 Legacy Series / OPN on Hetzner vSwitch w/public subnet, natted VMs can't browse internet
July 26, 2022, 12:42:32 PM
Good morning forum, i'm trying to integrate OPN (latest stable) as a firewall on my XCPNG (xen) cluster on Hetzner but cannot get VM behind it browsing web.
Some tech stuff: on Hetzner, each physycal host is connected in a vswitch (vlan) with a public subnet binded to it ( https://docs.hetzner.com/robot/dedicated-server/network/vswitch/ ). So, in a guest vm, if we attach his interface to the vswitch/vlan (MTU 1400) and give an ip from the public subnet, the VM can browse with this new public ip (tested, working).
The problem: i made the same exact configuration for the WAN side of OPNsense istance with some VM connected to the LAN (behind NAT) and those VM can only ping/resolve external addresses but got timeout when browsing internet. Tried reset, pfctl -d, review ruleset but nothing seems help
Any hint? Thank you
Some tech stuff: on Hetzner, each physycal host is connected in a vswitch (vlan) with a public subnet binded to it ( https://docs.hetzner.com/robot/dedicated-server/network/vswitch/ ). So, in a guest vm, if we attach his interface to the vswitch/vlan (MTU 1400) and give an ip from the public subnet, the VM can browse with this new public ip (tested, working).
The problem: i made the same exact configuration for the WAN side of OPNsense istance with some VM connected to the LAN (behind NAT) and those VM can only ping/resolve external addresses but got timeout when browsing internet. Tried reset, pfctl -d, review ruleset but nothing seems help
Any hint? Thank you
#3
Intrusion Detection and Prevention / Re: Suricata not working on Hetzner Cloud VM?
March 05, 2020, 12:28:26 PM
Interfaces
#4
Intrusion Detection and Prevention / Suricata not working on Hetzner Cloud VM?
March 05, 2020, 12:26:35 PM
Hi there, i was able to put OPNSense (latest sable) in front some VM on Hetzner Cloud (tip https://community.hetzner.com/tutorials/how-to-route-cloudserver-over-private-network-using-pfsense-and-hcnetworks).
VM are connected through a private network, hetzner use 10.0.0.1 to route traffic to all VMs
Everything seems working except for IDS/IPS (no block/alert, tried different settings). Any hint?
Thank you for your effort
VM are connected through a private network, hetzner use 10.0.0.1 to route traffic to all VMs
Everything seems working except for IDS/IPS (no block/alert, tried different settings). Any hint?
Thank you for your effort
#5
18.1 Legacy Series / Re: HAproxy with GeoIP
June 11, 2018, 09:38:21 AM
No one? :'(
Maybe some firewall rule can help to redirect traffic based on ip source?
Maybe some firewall rule can help to redirect traffic based on ip source?
#6
18.1 Legacy Series / HAproxy with GeoIP
June 08, 2018, 11:25:28 PM
Hi, i'm trying to understand if it's possible get HAproxy working with GeoIP statement's (es. if US then IP1, if DE then IP2).
I'd like to dismantle some IT stuff using OPNsense as a firewall and loadbalancer
Thanks for any hint or reply
I'd like to dismantle some IT stuff using OPNsense as a firewall and loadbalancer
Thanks for any hint or reply
#7
18.1 Legacy Series / Re: OPNsense and VULTR ISO Issues
June 08, 2018, 11:20:27 PM
Same problem but fixed as now. Just troubleshoot with vultr's team and they applied a fix
Pages1
