Messages

1

19.7 Legacy Series / Re: Port Forwarding issues and VPN passthrough issues

« on: January 19, 2020, 08:29:02 pm »

Finally got this to work.   Posting it here in case this ever comes up in google searches in the future.


I had to create a new NAT rule on the LAN interface.

I created a static DHCP mapping for my work laptop then made an alias for it.

In the new NAT rule, I set source: work_laptop any/any dest: any/any *** force GW: WAN DHCP *** direction IN

I then had to select "allow options" and "sloppy state" in the new NAT rule

Lastly I had to disable Unbound DNS and remove the OPNSense server from the list of DNS resolvers as it was grabbing DNS requests and munging them

After all this the VPN works without issue now

2

19.7 Legacy Series / Re: Port Forwarding issues and VPN passthrough issues

« on: January 10, 2020, 04:22:37 am »

So I got the NAT port forward fixed.

I just did a factory reset and rebuilt all the firewall rules.  No idea what was wrong, but obviously something got badly tweaked in there.

Still trying to figure out the issue with the cisco VPN though

3

19.7 Legacy Series / Port Forwarding issues and VPN passthrough issues

« on: January 09, 2020, 05:47:18 pm »

I'm having two issues

#1  Trying to port forward a non-reserved port to SSH (port 22) on a bare metal box inside the FW.  Externally I can see "connection established" but I'm not seeing any authentication attempts in the logs on the linux box.  Reviewing OPNSense logs I see that it is supposedly forwarding the packets.  The same setup was previously working when the same hardware I put OPNSense on was running Sophos so I do not believe it to be an issue on the linux box end

#2  Client system inside is trying to connect externally via Cisco VPN.  It establishes the connection but I cannot connect to any services on the other side of the VPN.  Using my phone to tether and bypass the OPNSense everything works fine

OPNSense notes:

I have NOT enabled "Boock bogon" or "Block private" on either WAN or LAN

I have set NAT outbound to "manual" only for testing but this has not helped

This part is important...  !!!I NEED TO BE ABLE TO RUN IN HYBRID NAT OUTBOUND TO ENABLE NAT-PMP!!!!!  however this automatically enables ISAKMP which can interfere with VPN's as I have read it

I have three WAN rules enabled and no LAN rules (aside from allow all on LAN side)

• spamhaus_drop
• spamhaus_edrop
• GeoIP

I have disabled the outbound rules for testing however it has not fixed the problems

I humbly beg for assistance here as my Google-fu and forums searches over the past couple of days have resulted in the same suggestions (already tried above) which haven't fixed the issues.