OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of blueart »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - blueart

Pages: [1]
1
22.1 Legacy Series / Re: FRR and BGP or OSFP - can't get Route Maps to select more than 1 prefix list
« on: May 18, 2022, 09:02:43 pm »
Quote from: nzkiwi68 on May 18, 2022, 11:21:10 am
Code: [Select]
Building configuration...

Current configuration:
!
frr version 7.5.1
frr defaults traditional
hostname ONAfw1.localdomain
log syslog notifications
!
router bgp 65521
 no bgp ebgp-requires-policy
 bgp graceful-restart
 neighbor 172.27.4.2 remote-as 65524
 neighbor 172.27.4.2 bfd
 neighbor 172.27.4.2 update-source ipsec2
 !
 address-family ipv4 unicast
  redistribute kernel
  redistribute connected
  redistribute static
  neighbor 172.27.4.2 next-hop-self
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute kernel
  redistribute connected
  redistribute static
 exit-address-family
!
ip prefix-list sitea-net1 seq 10 permit 192.168.1.0/24
ip prefix-list sitea-net2 seq 20 permit 10.1.55.0/24
!
route-map routemap-out permit 10
 match ip address prefix-list sitea-net1
!
line vty
!
bfd
 peer 172.27.4.2
 !
 peer 172.227.4.2
 !
!
end

You did create a route map, but did not assign it to any peer/neighbor in or outbound, so right now it is not applied.

2
20.1 Legacy Series / Re: Port Forwarding through IPSEC Tunnel
« on: August 23, 2020, 09:30:44 pm »
We did another test today with Opnsense 20.7. as well as on openVPN and IPSec, there is no way we can make this work.

Sadly this works perfectly with PFsense.
Are there any plans to get this functionality in OpnSense as well?

Best regards

3
20.1 Legacy Series / Port Forwarding through IPSEC Tunnel
« on: May 23, 2020, 10:51:24 pm »
Hello Team,
first of all thanks for your great work.
Currently im running into an issue with Port Forwarding to a destination behind a VPN Tunnel.

We have a Firewall in our DataCenter Colocation which has an IPSec Tunnel with a VTI back to our Office Firewall.
Behind the Office Firewall is a Server which needs to be published to the Internet.

On the Office Firewall there is a Policy Based routing rule to forward all traffic from that Server via the Tunnel to the Datacenter.

If I'm opening a webpage or use speedtest.net I can see the correct public IP Address assigned from the NAT Pool on the Colocation Firewall.


Now if we open a port form the Colocation Firewall via Port Forward to the office Server, I can see the requests via Wireshark hitting the Colo Firewall, hitting the VPN Tunnel and the Office Firewall. So running a Packet Capture on the VTI Interface of the Office Firewall I can see the traffic hitting the Firewall with that tunnel, but the traffic is never leaving the tunnel and gets to the server.

IPSEC Firewall rules on the VTI Interface:


IPSEC Firewall rules on the IPSec Interface:






If I replace the IPSec setup with a OpenVPN tunnel it works, but the performance is bad.

Colo Firewall:
PFsense 2.4.5

Office Firewall:
OpenSense 20.1.7

Thanks for reading and looking into it.

Best regards
Martin

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2