Messages

1

Virtual private networks / Re: 2 different IPsec on same WAN interface

« on: January 17, 2023, 05:04:59 pm »

thank you.mich appreciated!

so basically i will try to use the wan interface ip for pointing 2 different remote endpoints in different subnets of same cloud provider.
they should work both and no logical failover/ha task is required on opnsense side.

2

Virtual private networks / Re: 2 different IPsec on same WAN interface

« on: January 17, 2023, 04:39:32 pm »

thank you so much
i meant failover.
if for example the first tunnel is failing, there is a way that opnsense can handle it automatically? or you think it is not required for this specific case?
thanks

3

Virtual private networks / Re: 2 different IPsec on same WAN interface

« on: January 17, 2023, 02:50:23 pm »

thank you so much for your answer.
I have to review my antecedent post, i apologize:
the 2 remote endpoints will have 2 different subnetworks.
so in this case the public wan will point trough 2 different ipsec tunnels to 2 different endpoints belonging to 2 different network handled by a third cloud provider.
the only goal of this is to achieve a failover/redundancy if first tunnel is failing.
In this case, the failover can handled also only manually?

Kind Regards

Rocco

4

Virtual private networks / 2 different IPsec on same WAN interface

« on: January 17, 2023, 02:19:43 pm »

Hello,

maybe somebody has already implemented it.

I am going to build a secondo ipsec tunnel on the wan interface by pointing to another remote endpoint of the same subnet of the first remote endpoint.
Is this technically possible?
how handling the failover in this case?

Thanks in advance,

Kind Regards

Rocco

5

General Discussion / NAT- Firewall Rule

« on: February 23, 2022, 10:19:21 am »

Good morning,

I have a question.

I set up a 1: 1 NAT with a machine in the internal network that should send requests to a remote machine over the internet (a kind of web server).
I proceeded to create a virtual IP and to properly set the NAT 1: 1 and the outbound traffic.
Based on the material I found on the internet, I read that this is not enough as you also need to put a Firewall Rule. Could you kindly give me more info about it because I couldn't find much.

Thank you

Have a nice day

6

Italian - Italiano / NAT- Firewall Rule

« on: February 23, 2022, 10:18:13 am »

Salve,

avrei una domanda.

ho configurato una NAT 1:1 con una macchina nella rete interna che dovrebbe inviare request a una macchina remota attraverso internet (una sorta di web server).
Ho provveduto a creare un virtual IP e a settare propriamente la NAT 1:1 e l outbound traffic.
In base al materiale che ho trovato su internet, leggo che questo non é sufficiente in quanto bisogna mettere anche una Firewall Rule. Potreste cortesemente darmi maggiori info a riguardo perche non sono riuscito a trovare molto.

Grazie

Buona giornata

7

General Discussion / Re: NAT 1:1

« on: August 13, 2021, 09:41:47 am »

so no success.
The problem persists: the private ip address of the webserver (192.168.56.3) is REACHABLE from WAN (external network) when i add the NAT 1:1 Rule.

8

General Discussion / Re: NAT 1:1

« on: August 11, 2021, 02:36:02 pm »

so i am not able to solve it 
i will hit my head in this hours and i will find it out.
If i find the solution, i will post it and share for the community
thanks everybody

9

General Discussion / Re: NAT 1:1

« on: August 10, 2021, 02:41:53 pm »

I can do ssh from internal browser webterm-1
no ssh from external browser webterm-2

10

General Discussion / Re: NAT 1:1

« on: August 10, 2021, 02:31:40 pm »

Hello Bart,

thank you for your answer. What you mean with "traffic parity" please?
can be that this options has enabled this bug?
"block private network disabled"

11

General Discussion / Re: NAT 1:1

« on: August 10, 2021, 01:45:12 pm »

Hallo Bart,

i am sorry but i have difficulties to understand the goal:

my problem is that i am able to reach the webserver on ubuntu with his private address (192.168.56.3:81) although i set the NAT Port  Forwarding and the NAT 1:1. I see that if i disable the NAT port forwarding the problem still persists while if i disable the NAT 1:1 the problem is solved, so i assume there is some misconfiguration on the NAT 1:1.

12

General Discussion / Re: NAT 1:1

« on: August 10, 2021, 10:43:01 am »

thanks
here are the output

13

General Discussion / Re: NAT 1:1

« on: August 10, 2021, 09:08:23 am »

sorry Bart, i am not sure i understood.
Might you be please so kind to explain me better?
Do you need some screenshot regarding the configuration?

Thanks

14

General Discussion / Re: NAT 1:1

« on: August 04, 2021, 09:55:38 am »

ssh no success

Can you make sure the SSH server is installed and running?

sudo apt-get install openssh-server
systemctl status sshd

Bart...

thanks Bart for your help.
You mean to install  it in webterm?

15

General Discussion / Re: NAT 1:1

« on: August 03, 2021, 02:40:51 pm »

is interesting that i can ping only .101 (port forward virual ip) and not .102 (1:1 NAT virtual ip).
ssh no success