Messages - Tblomega

#1
You certainly have the right idea for what I am trying to do. If I am reading your reply correctly then method #2

Quote: your AWS opnsense NATs the traffic that goes to the VM to its own VPN IP (or another one that will be routed from the VM to the aws opn), so the VM will send the response to the aws opn back (here it will be translated back to the original public IP)

is what I have been trying to execute upon and so far failing. Thus I am here asking for a sample config of things to change so I can see and adapt it to my situation....

After a conversation with a friend in the field I am presently attempting to put a manual entry under the routing configuration of the cloud OPN instance telling it that anything destined for 192.168.1.0/24 goes out the vpn interface (which I just re-enabled again).... still working on this so we shall see what becomes of it...
#2
I have a url that I use for myself that points to my home ip address used for RDP, plex and other similar remote services for myself. Quite purposely I have never hosted a web page in this way as, this being a lab project, I am not trying to encourage those skilled at hacking to look my way. I do have the normal protections; I mean, opnsense is a firewall after all...

Recently I decided I wanted to host a website on my own equipment but the above concerns are still valid.

My solution was to set up a cloud VM instance of OPNsense through a provider of such services. I got a new URL and set the DNS provider to Cloudflare, and have the new instance of OPNsense update Cloudflare, and for security I changed the port used to log in to OPNsense. Using that URL with the correct port appended on the end works as expected to allow me to log in to OPNsense.

I followed a guide to set up a site-to-site vpn from this cloud hosted instance of OPNsense to the instance I am running here at home, and the status page on both ends reads as 'UP' with a few bytes transferred (as I have yet to make it function as expected, not many bytes).

I have apache running on a VM here at home that I use to allow me to get to (proxmox, OPNsense, Adblock home, Home assistant, apache guacamole, Ubiquiti controller) with URLs instead of IPs. A friend and //former// coworker helped me set that up; my skill is enough to read and change into what I need, but not enough to code up from scratch. I have looked at OPNsense's built-in nginx and wasn't up to the challenge of learning it at this time considering I already have a working instance of apache.

I cloned the above apache VM and removed all the sites I did not want this new url to have access to (apache guacamole would be a bad idea for an open to the world url); having a separate vm with its own distinct ip address also seemed like it would make things easier.

On my cloud hosted opnsense instance I set up port forwarding for port 80 and 443 to my new apache VM.... and it did not work. At one point early on the cloud hosted opnsense instance could ping that VM (though the port forwarding or something else prevented it from working). I have since tried many things including but not limited to assigning the site-to-site vpn as an interface (and disabling and re-enabling different variations of options). Currently ping from inside the opnsense web interface on the cloud server to my internal (at my home through the vpn) apache instance does not work though it did early on.

I know the apache config does work, however, as when I set adblock (my in-home dns server) to point to it for the appropriate url it works when I am already on my home network, so apache works. The VPN between the 2 OPNsense instances works, and the URL to the cloud hosted OPNsense instance works.

I need help configuring settings, firewall, routing, port forwarding, interface, and whatever other rules/settings, such that when an end user types my new url, the cloud instance of OPNsense will forward all web traffic (port 80, port 443) through the vpn tunnel to the ip address of the VM I have running Apache, and to make sure the return information from apache can make it back out the same way.

Been at this about 2+ weeks trying to blunder my way through, now I am asking.
#3
General Discussion / Re: Update from 20.1.9 to newer
January 13, 2022, 12:04:16 AM
That would make sense, it does say i386 next to the version on the dashboard...

I seem to recall a way to back up the configurations to be reimported after a full restore (assuming I remember that correctly). Does that function work across versions, such as switching to 64bit?
#4
General Discussion / Update from 20.1.9 to newer
January 12, 2022, 04:48:53 AM
I have opnsense 20.1.9 (installed in proxmox if it matters, dedicated wan facing vmbr-Virtual nic passed through only to opnsense, prox's firewall is disabled).

The change-log listing in opnsense lists many newer versions, but the check for update both via web interface and via console option 12 found and accomplished nothing when trying to update...

If someone could point me in the right direction it would be appreciated.