1
24.7 Production Series / Re: SOLVED - problem with dynamic DNS updates
« on: November 16, 2024, 08:11:28 pm »
Never mind...I had never noticed the tabs before on the top of the Services -> Dynamic DNS -> Settings page.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
24.7 Production Series / Re: SOLVED - problem with dynamic DNS updates
« on: November 16, 2024, 08:05:36 pm »
How do you, "[change] the backend method from ddclient to native"?
3
22.7 Legacy Series / htop no longer in package repositories?
« on: September 07, 2022, 06:01:49 pm »
Howdy!
I've had htop installed on my OPNsense machine for a while, but after upgrading to 22.7.3_2, it seems to no longer be available. Was it removed on purpose? Is there a similar alternative?
Thanks,
Tad
I've had htop installed on my OPNsense machine for a while, but after upgrading to 22.7.3_2, it seems to no longer be available. Was it removed on purpose? Is there a similar alternative?
Thanks,
Tad
4
21.1 Legacy Series / IPSec to Double NAT on Firewall
« on: March 02, 2021, 07:27:47 am »
Hello!
I have an IPSec VPN established with NAT before IPSec working as described here: https://docs.opnsense.org/manual/how-tos/ipsec-s2s-binat.html
As a result, traffic that comes into my site appears to come from the far side 1:1 NAT that their addresses are translated to before the traffic enters the tunnel. Traffic that arrives at one of my private servers sees a "foreign" IP address making a request, and responses correctly end up back in the tunnel due to the straightforward routing rules that are implicitly created by this setup.
I also have other private networks on my side that I may need to route traffic to. These networks are in a different data center, but have different private networks, so routing handles the traffic between these data centers. However, this routing will drop any packet that has an IP on a network that the hosting company doesn't recognize. These leaves me unable to route traffic from this VPN to the other data center since the virtual network isn't one that the host accepts and I cannot change the virtual network IP range on my end because of considerations for the remote VPN host.
The 1:1 NAT uses an RFC 1918 subnet that I obtained from my hosting company specifically to use as the "Internal IP" network of the 1:1 NAT. I can assign IPs from this network to any server that is locally behind my OPNsense firewall and traffic flows as expected, though again with the tunnel remote IPs (the "Destination IP" network of the 1:1 NAT) being visible to the target server.
Anything I've tried to "double NAT" this traffic to another subnet, hoping to end up with the private subnet of the 1:1 NAT as the source IP hasn't worked. I've tried running a 1:1 NAT behind the first, as well as port forward NATs.
I'm not even sure what to call this to try to search for some answers, of even if there is some much better solution that I haven't considered.
Does anyone have any thoughts?
Thanks!
I have an IPSec VPN established with NAT before IPSec working as described here: https://docs.opnsense.org/manual/how-tos/ipsec-s2s-binat.html
As a result, traffic that comes into my site appears to come from the far side 1:1 NAT that their addresses are translated to before the traffic enters the tunnel. Traffic that arrives at one of my private servers sees a "foreign" IP address making a request, and responses correctly end up back in the tunnel due to the straightforward routing rules that are implicitly created by this setup.
I also have other private networks on my side that I may need to route traffic to. These networks are in a different data center, but have different private networks, so routing handles the traffic between these data centers. However, this routing will drop any packet that has an IP on a network that the hosting company doesn't recognize. These leaves me unable to route traffic from this VPN to the other data center since the virtual network isn't one that the host accepts and I cannot change the virtual network IP range on my end because of considerations for the remote VPN host.
The 1:1 NAT uses an RFC 1918 subnet that I obtained from my hosting company specifically to use as the "Internal IP" network of the 1:1 NAT. I can assign IPs from this network to any server that is locally behind my OPNsense firewall and traffic flows as expected, though again with the tunnel remote IPs (the "Destination IP" network of the 1:1 NAT) being visible to the target server.
Anything I've tried to "double NAT" this traffic to another subnet, hoping to end up with the private subnet of the 1:1 NAT as the source IP hasn't worked. I've tried running a 1:1 NAT behind the first, as well as port forward NATs.
I'm not even sure what to call this to try to search for some answers, of even if there is some much better solution that I haven't considered.
Does anyone have any thoughts?
Thanks!
5
20.1 Legacy Series / Re: SOLVED: NAT not working with IPSec VPN
« on: July 15, 2020, 06:16:03 pm »
The secret sauce was the SPD entry. The non-obvious part was that 10.0.0.15/32 is what goes in that field.
The other part I was missing was the 1:1 NAT with 2.2.2.2 as the External IP, 10.0.0.15 as the Internal IP, and 1.1.1.2 as the Destination IP.
Do not have 2.2.2.2 as a virtual IP.
The other part I was missing was the 1:1 NAT with 2.2.2.2 as the External IP, 10.0.0.15 as the Internal IP, and 1.1.1.2 as the Destination IP.
Do not have 2.2.2.2 as a virtual IP.
6
20.1 Legacy Series / Re: NAT not working with IPSec VPN
« on: July 15, 2020, 04:10:43 pm »
And will I need a virtual IP for the 2.2.2.2 that isn't actually visible on the internet?
Or, asked differently, how do I assign that to an interface?
Or, is that handled by my NAT entry? 1:1 or Port Forward?
Or, asked differently, how do I assign that to an interface?
Or, is that handled by my NAT entry? 1:1 or Port Forward?
7
20.1 Legacy Series / Re: NAT not working with IPSec VPN
« on: July 15, 2020, 04:07:24 pm »NAT before IPsec needs this in FreeBSD https://docs.opnsense.org/manual/how-tos/ipsec-s2s-binat.htmlThe documentation seems to say that I'm going to put my local network in the "Manual SPD Entries" box, so 10.0.0.15/32 in my example?
8
20.1 Legacy Series / Re: NAT not working with IPSec VPN
« on: July 15, 2020, 03:29:46 pm »Did you set SPD entries?
I did not and I wouldn't know how. This is the first I've heard of this.
9
20.1 Legacy Series / SOLVED: NAT not working with IPSec VPN
« on: July 15, 2020, 02:59:55 am »
Hello,
I am attempting to get a site to site VPN running with a single routable IP address inside each end of the tunnel.
Something like:
Unknown Remote Local My
- Private NW - network WAN WAN network ----- Private NW ----
?.?.?.? <-> 1.1.1.2 -- 1.1.1.1 <=== TUNNEL ====> 2.2.2.1 -- 2.2.2.2 <-> NAT <-> 10.0.0.15
The Remote end of the connection is a partner company that my company is providing a single service to via this tunnel. The goal here is to allow the service to work while each network is insulated from each other and neither side has to have any knowledge of the other's topology.
I've tried both, 1:1 NAT, and Port Forward NAT. It seems that I have to have the local network IP as a virtual IP on my WAN interface, and the closest I've come is that traffic gets to correct server in my network at 10.0.0.15, but the return traffic seems to want to head straight to the internet rather than being returned up the tunnel.
I do also have a /26 network 1:1 NAT servicing requests directly from the internet, but I obtained a single, completely different IP address to use for 2.2.2.2 in the above diagram that has no NAT associated with it besides what I've tried to set up for the tunnel.
I know this description is fairly vague, but does anyone have any suggestions?
Thanks!
I am attempting to get a site to site VPN running with a single routable IP address inside each end of the tunnel.
Something like:
Unknown Remote Local My
- Private NW - network WAN WAN network ----- Private NW ----
?.?.?.? <-> 1.1.1.2 -- 1.1.1.1 <=== TUNNEL ====> 2.2.2.1 -- 2.2.2.2 <-> NAT <-> 10.0.0.15
The Remote end of the connection is a partner company that my company is providing a single service to via this tunnel. The goal here is to allow the service to work while each network is insulated from each other and neither side has to have any knowledge of the other's topology.
I've tried both, 1:1 NAT, and Port Forward NAT. It seems that I have to have the local network IP as a virtual IP on my WAN interface, and the closest I've come is that traffic gets to correct server in my network at 10.0.0.15, but the return traffic seems to want to head straight to the internet rather than being returned up the tunnel.
I do also have a /26 network 1:1 NAT servicing requests directly from the internet, but I obtained a single, completely different IP address to use for 2.2.2.2 in the above diagram that has no NAT associated with it besides what I've tried to set up for the tunnel.
I know this description is fairly vague, but does anyone have any suggestions?
Thanks!
Pages: [1]