Messages - blueart

#1
Quote from: nzkiwi68 on May 18, 2022, 11:21:10 AM
Building configuration...

Current configuration:
!
frr version 7.5.1
frr defaults traditional
hostname ONAfw1.localdomain
log syslog notifications
!
router bgp 65521
 no bgp ebgp-requires-policy
 bgp graceful-restart
 neighbor 172.27.4.2 remote-as 65524
 neighbor 172.27.4.2 bfd
 neighbor 172.27.4.2 update-source ipsec2
 !
 address-family ipv4 unicast
  redistribute kernel
  redistribute connected
  redistribute static
  neighbor 172.27.4.2 next-hop-self
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute kernel
  redistribute connected
  redistribute static
 exit-address-family
!
ip prefix-list sitea-net1 seq 10 permit 192.168.1.0/24
ip prefix-list sitea-net2 seq 20 permit 10.1.55.0/24
!
route-map routemap-out permit 10
 match ip address prefix-list sitea-net1
!
line vty
!
bfd
 peer 172.27.4.2
 !
 peer 172.227.4.2
 !
!
end


You did create a route map, but did not assign it to any peer/neighbor in or outbound, so right now it is not applied.
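A way to catch this class of mistake mechanically, as an added example (not code from the thread, from FRR or from OPNsense): a small linter that reads the running-config quoted above and reports policy objects that are defined but never bound. For this config it reports the unapplied route-map the reply points out, and with it the consequence that matters: because redistribute kernel/connected/static is configured and the neighbor has no outbound route-map, every one of those routes is advertised to 172.27.4.2 unfiltered. It also flags two things in the same config the reply does not mention, prefix-list sitea-net2 is referenced by nothing and BFD peer 172.227.4.2 matches no BGP neighbor. The sample is the posted config with FRR's indentation restored and the version, hostname and ipv6 lines trimmed; FIXED_CONFIG adds the one neighbor line that binds the route-map outbound.

```python
"""Audit an FRR running-config for routing policy that is defined but never
applied: a route-map not bound to a neighbor or a redistribute filters nothing."""
from collections import defaultdict

# Constructed sample: the config quoted above, indentation restored, trimmed.
SAMPLE_CONFIG = """\
router bgp 65521
 no bgp ebgp-requires-policy
 neighbor 172.27.4.2 remote-as 65524
 !
 address-family ipv4 unicast
  redistribute kernel
  redistribute connected
  redistribute static
  neighbor 172.27.4.2 next-hop-self
 exit-address-family
!
ip prefix-list sitea-net1 seq 10 permit 192.168.1.0/24
ip prefix-list sitea-net2 seq 20 permit 10.1.55.0/24
!
route-map routemap-out permit 10
 match ip address prefix-list sitea-net1
!
bfd
 peer 172.27.4.2
 !
 peer 172.227.4.2
 !
!
end
"""

# The line the reply above says is missing: bind the route-map outbound on the
# neighbor, inside the address-family whose advertisements it should filter.
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    "  neighbor 172.27.4.2 next-hop-self\n",
    "  neighbor 172.27.4.2 next-hop-self\n"
    "  neighbor 172.27.4.2 route-map routemap-out out\n")


def parse_frr_config(text):
    """Collect policy objects, what references them, BGP neighbors and BFD peers.
    Statements the audit does not need are ignored rather than rejected."""
    cfg = {"route_maps": set(), "route_map_refs": set(),
           "prefix_lists": set(), "prefix_list_refs": set(),
           "neighbors": set(), "bfd_peers": set(), "redistribute": set(),
           "neighbor_policy": defaultdict(set)}   # neighbor -> {"in", "out"}
    in_bfd = False
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if in_bfd and words[0] == "peer":
            cfg["bfd_peers"].add(words[1])
            continue
        if not raw.startswith(" "):            # an unindented line starts a new block
            in_bfd = words[0] == "bfd"
        if words[0] == "route-map":
            cfg["route_maps"].add(words[1])
        elif words[:2] in (["ip", "prefix-list"], ["ipv6", "prefix-list"]):
            cfg["prefix_lists"].add(words[2])
        elif words[0] == "match" and "prefix-list" in words:
            cfg["prefix_list_refs"].add(words[words.index("prefix-list") + 1])
        elif words[0] == "redistribute":
            cfg["redistribute"].add(words[1])
            if "route-map" in words:
                cfg["route_map_refs"].add(words[words.index("route-map") + 1])
        elif words[0] == "neighbor" and len(words) >= 3:
            if words[2] == "remote-as":
                cfg["neighbors"].add(words[1])
            elif words[2] == "route-map" and len(words) >= 5:
                cfg["route_map_refs"].add(words[3])
                cfg["neighbor_policy"][words[1]].add(words[4])
    return cfg


def audit_policy(cfg):
    """Return findings as strings; an empty list means the policy is wired up."""
    findings = []
    for rm in sorted(cfg["route_maps"] - cfg["route_map_refs"]):
        findings.append(f"route-map {rm} is defined but never applied")
    for pl in sorted(cfg["prefix_lists"] - cfg["prefix_list_refs"]):
        findings.append(f"prefix-list {pl} is defined but no route-map matches on it")
    protos = "/".join(sorted(cfg["redistribute"]))
    for peer in sorted(cfg["neighbors"]):
        if protos and "out" not in cfg["neighbor_policy"][peer]:
            findings.append(f"neighbor {peer} has no outbound route-map: every "
                            f"redistributed {protos} route is advertised to it")
    for peer in sorted(cfg["bfd_peers"] - cfg["neighbors"]):
        findings.append(f"bfd peer {peer} matches no BGP neighbor (typo?)")
    return findings


if __name__ == "__main__":
    for name, text in (("as posted", SAMPLE_CONFIG), ("route-map bound", FIXED_CONFIG)):
        print(name, audit_policy(parse_frr_config(text)))
```

Run it against `vtysh -c 'show running-config'` output; the parser only looks at the statement types the audit needs, so the rest of a real config is ignored. After binding the route-map, confirm with `show bgp ipv4 unicast neighbors 172.27.4.2 advertised-routes` that only sitea-net1 is sent.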
#2
We did another test today with OPNsense 20.7, with both OpenVPN and IPsec; there is no way we can make this work.

Sadly, this works perfectly with pfSense.
Are there any plans to get this functionality into OPNsense as well?

Best regards
#3
Hello Team,
First of all, thanks for your great work.
Currently I'm running into an issue with port forwarding to a destination behind a VPN tunnel.

We have a firewall in our datacenter colocation which has an IPsec tunnel with a VTI back to our office firewall.
Behind the office firewall is a server which needs to be published to the Internet.

On the office firewall there is a policy-based routing rule to forward all traffic from that server via the tunnel to the datacenter.

If I open a webpage or use speedtest.net, I can see the correct public IP address assigned from the NAT pool on the colocation firewall.


Now if we open a port from the colocation firewall via port forward to the office server, I can see the requests via Wireshark hitting the colo firewall, hitting the VPN tunnel and the office firewall. Running a packet capture on the VTI interface of the office firewall, I can see the traffic arriving at the firewall through that tunnel, but the traffic never leaves the tunnel and reaches the server.

IPsec firewall rules on the VTI interface: [screenshot not included]

IPsec firewall rules on the IPsec interface: [screenshot not included]

If I replace the IPsec setup with an OpenVPN tunnel it works, but the performance is bad.

Colo firewall:
pfSense 2.4.5

Office firewall:
OPNsense 20.1.7

Thanks for reading and looking into it.

Best regards
Martin
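The comparison Martin describes, a capture on the VTI side of the office firewall checked against one on the LAN side, done as a script. This is an added example, not code from the thread or from OPNsense or pfSense. The two captures are constructed `tcpdump -n -tt` lines and the addressing (office LAN 192.168.1.0/24, published server 192.168.1.50, clients 203.0.113.10 and 198.51.100.7) is assumed. Beyond the case in the post (a SYN enters the VTI but never shows up on the LAN), it also separates the opposite failure a VTI-plus-policy-routing setup can produce, where the server's SYN-ACK leaves the LAN but never re-enters the tunnel because the return path was routed elsewhere, and the case where the server simply does not answer.

```python
"""Correlate tcpdump captures from the VTI and LAN interfaces of a firewall to
locate where a port-forwarded connection dies."""
import ipaddress
import re

# Constructed captures in `tcpdump -n -tt` text form (not real data). Assumed
# addressing: office LAN 192.168.1.0/24, published server 192.168.1.50.
VTI_CAPTURE = """\
1652870000.100000 IP 203.0.113.10.51234 > 192.168.1.50.443: Flags [S], seq 1, win 64240, length 0
1652870000.600000 IP 203.0.113.10.51234 > 192.168.1.50.443: Flags [S], seq 1, win 64240, length 0
1652870001.000000 IP 198.51.100.7.40000 > 192.168.1.50.22: Flags [S], seq 2, win 64240, length 0
1652870002.000000 IP 198.51.100.7.40001 > 192.168.1.50.22: Flags [S], seq 3, win 64240, length 0
1652870002.010000 IP 192.168.1.50.22 > 198.51.100.7.40001: Flags [S.], seq 9, ack 4, win 65535, length 0
"""
LAN_CAPTURE = """\
1652870001.000500 IP 198.51.100.7.40000 > 192.168.1.50.22: Flags [S], seq 2, win 64240, length 0
1652870001.001000 IP 192.168.1.50.22 > 198.51.100.7.40000: Flags [S.], seq 8, ack 3, win 65535, length 0
1652870002.000500 IP 198.51.100.7.40001 > 192.168.1.50.22: Flags [S], seq 3, win 64240, length 0
1652870002.001000 IP 192.168.1.50.22 > 198.51.100.7.40001: Flags [S.], seq 9, ack 4, win 65535, length 0
"""

PKT_RE = re.compile(
    r"^\d+\.\d+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]")


def parse_capture(text):
    """Return (src, sport, dst, dport, flags) for every TCP line tcpdump printed."""
    pkts = []
    for line in text.splitlines():
        m = PKT_RE.match(line)
        if m:
            pkts.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]))
    return pkts


def seen(pkts, src, sport, dst, dport, synack):
    """True if a SYN (synack=False) or SYN-ACK (synack=True) for this 4-tuple is in pkts."""
    for s, sp, d, dp, flags in pkts:
        if (s, sp, d, dp) == (src, sport, dst, dport) and "S" in flags and ("." in flags) == synack:
            return True
    return False


def locate_drop(vti_text, lan_text, lan_net="192.168.1.0/24"):
    """Give every connection attempt that entered the VTI towards lan_net a verdict."""
    net = ipaddress.ip_network(lan_net)
    vti, lan = parse_capture(vti_text), parse_capture(lan_text)
    verdicts = {}
    for src, sport, dst, dport, flags in vti:
        if "S" not in flags or "." in flags or ipaddress.ip_address(dst) not in net:
            continue                       # not an inbound connection attempt
        key = (src, sport, dst, dport)
        if key in verdicts:
            continue                       # SYN retransmission, already judged
        if not seen(lan, src, sport, dst, dport, synack=False):
            verdicts[key] = "dropped: SYN entered the VTI but never appeared on LAN"
        elif not seen(lan, dst, dport, src, sport, synack=True):
            verdicts[key] = "no answer: SYN reached LAN but the server sent no SYN-ACK"
        elif not seen(vti, dst, dport, src, sport, synack=True):
            verdicts[key] = "asymmetric: SYN-ACK left LAN but did not re-enter the VTI"
        else:
            verdicts[key] = "ok: handshake crossed both interfaces"
    return verdicts


if __name__ == "__main__":
    for flow, verdict in locate_drop(VTI_CAPTURE, LAN_CAPTURE).items():
        print("%s:%d -> %s:%d  %s" % (*flow, verdict))
```

Feed it the text of `tcpdump -n -tt -i <vti interface> tcp` and `tcpdump -n -tt -i <lan interface> tcp` taken at the same time. A "dropped" verdict points at the firewall between the two interfaces (rules on the VTI interface, or the forward itself); an "asymmetric" verdict points at the return path, i.e. the policy-routing or reply-to handling rather than the inbound rules.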