Messages

thank you.mich appreciated!

so basically i will try to use the wan interface ip for pointing 2 different remote endpoints in different subnets of same cloud provider.
they should work both and no logical failover/ha task is required on opnsense side.

thank you so much
i meant failover.
if for example the first tunnel is failing, there is a way that opnsense can handle it automatically? or you think it is not required for this specific case?
thanks

thank you so much for your answer.
I have to review my antecedent post, i apologize:
the 2 remote endpoints will have 2 different subnetworks.
so in this case the public wan will point trough 2 different ipsec tunnels to 2 different endpoints belonging to 2 different network handled by a third cloud provider.
the only goal of this is to achieve a failover/redundancy if first tunnel is failing.
In this case, the failover can handled also only manually?

Kind Regards

Rocco

Hello,

maybe somebody has already implemented it.

I am going to build a secondo ipsec tunnel on the wan interface by pointing to another remote endpoint of the same subnet of the first remote endpoint.
Is this technically possible?
how handling the failover in this case?

Thanks in advance,

Kind Regards

Rocco

Good morning,

I have a question.

I set up a 1: 1 NAT with a machine in the internal network that should send requests to a remote machine over the internet (a kind of web server).
I proceeded to create a virtual IP and to properly set the NAT 1: 1 and the outbound traffic.
Based on the material I found on the internet, I read that this is not enough as you also need to put a Firewall Rule. Could you kindly give me more info about it because I couldn't find much.

Thank you

Have a nice day

Salve,

avrei una domanda.

ho configurato una NAT 1:1 con una macchina nella rete interna che dovrebbe inviare request a una macchina remota attraverso internet (una sorta di web server).
Ho provveduto a creare un virtual IP e a settare propriamente la NAT 1:1 e l outbound traffic.
In base al materiale che ho trovato su internet, leggo che questo non é sufficiente in quanto bisogna mettere anche una Firewall Rule. Potreste cortesemente darmi maggiori info a riguardo perche non sono riuscito a trovare molto.

Grazie

Buona giornata

so no success.
The problem persists: the private ip address of the webserver (192.168.56.3) is REACHABLE from WAN (external network) when i add the NAT 1:1 Rule.

so i am not able to solve it  :-X
i will hit my head in this hours and i will find it out.
If i find the solution, i will post it and share for the community :)
thanks everybody

I can do ssh from internal browser webterm-1
no ssh from external browser webterm-2

Hello Bart,

thank you for your answer. What you mean with "traffic parity" please?
can be that this options has enabled this bug?
"block private network disabled"

Hallo Bart,

i am sorry but i have difficulties to understand the goal:

my problem is that i am able to reach the webserver on ubuntu with his private address (192.168.56.3:81) although i set the NAT Port  Forwarding and the NAT 1:1. I see that if i disable the NAT port forwarding the problem still persists while if i disable the NAT 1:1 the problem is solved, so i assume there is some misconfiguration on the NAT 1:1.

thanks
here are the output

sorry Bart, i am not sure i understood.
Might you be please so kind to explain me better?
Do you need some screenshot regarding the configuration?

Thanks :)

ssh no success

Can you make sure the SSH server is installed and running?

sudo apt-get install openssh-server
systemctl status sshd

Bart...

thanks Bart for your help.
You mean to install  it in webterm?

is interesting that i can ping only .101 (port forward virual ip) and not .102 (1:1 NAT virtual ip).
ssh no success