Messages

1

Virtual private networks / Re: What's the direction of VPN - IPSEC or Wireguard?

« on: April 29, 2024, 10:22:45 pm »

I just came here looking for the same answer.  I have run OPNsense at home for years but for my colo box I ran a different firewall, so I used a ipsec tunnel between the two.  I just upgraded the colo box and now run OPNsense on it was well.  Trying to figure out if I am better with ipsec or something different.  At least in my case one site is a static ip while the other changes.  Did you figure out any answers?

2

General Discussion / Re: Need Help to Configure NAT as well as No-NAT

« on: April 24, 2024, 04:19:34 pm »

Did you ever figured this out?  I have the exact same setup and got it partially working but traffic sourced from the LAN2 segment gets natted but traffic that originates from the internet to LAN2 does not.  Thanks

3

24.1 Legacy Series / Re: routing issue

« on: February 24, 2024, 09:00:54 pm »

Updated to show a drawing that hopefully explains things better.  Thanks

4

24.1 Legacy Series / Re: routing issue

« on: February 24, 2024, 03:19:53 am »

Forgot to mention, both firewalls are on 24.1.2.  Thanks

5

24.1 Legacy Series / routing issue

« on: February 24, 2024, 02:55:59 am »

Hi, I am working on building a new server for my personal colo use running TrueNAS Scale with OPNsense as the firewall for the various VMs.  The OPNsense instance has a PCIe Mapped NIC to it for its outside interface and then two bridge interfaces setup as VirtIO adapter types.  Everything installed fine and a VM sitting on the inside interface (bridge 100) can get to the internet fine.  The challenge I am having is getting to any of the VMs sitting behind the firewall from my desktop.

Currently the server is at my house while I am getting it built.  My house has a cable modem and then a Protectli vault running OPNsense for my home use.  Lets call the inside network behind that firewall 10.1.1.0/24.  The IP for my internet firewall is 10.1.1.1 and my pc is 10.1.1.10 and the virtual OPNsense for my colo server is temporarily on 10.1.1.20 for its outside interface.  If I use a VM sitting on the inside behind the virtual OPNsense on ip 10.10.1.10, the virtual firewall NATs it correctly to its outside interface, 10.1.1.20 and forwards it to my internet firewall at 10.1.1.1 and it NATs it again to its public IP and goes out to the internet.  Everything works great there.

The issue I have is if I try to hit a NAT translation/port forwarding on virtual OPNsense for ssh that I have forwarded to the 10.10.1.10 device from my PC at 10.1.1.10, I see in the logs it translates it fine and the server responds but instead of the virtual OPNsense forwarding the traffic directly back to my PC, it forwards it to its gateway which is my internet OPNsense firewall and it drops the traffic.  I suspect there is a setting in OPNsense where it forwards all traffic to its gateway even though the target is on the same LAN segment.  I looked around and don't see a setting forcing it to send traffic to the gateway vs directly to the PC.  I checked the arp tables on my PC and on the virtual OPNsense and they are correct so its not like the other OPNsense is proxy arping my IP.  Any pointers on trying to fix this without making changes to my cable modem firewall?  Thanks

6

22.7 Legacy Series / Re: WAN management issue

« on: August 24, 2022, 11:52:16 pm »

bumping this back up to see if anyone has any ideas on what is going on.   Thanks for any guidance. 

7

22.7 Legacy Series / Re: WAN management issue

« on: August 20, 2022, 12:19:24 am »

poking around the forums, reddit, etc I see so similar types of issues were certain rules would not work.  It seemed to be related to networking issues.  This is a VM under truenas scale and I think I have it setup correctly.  If I shut down the firewall engine with a pfctl -d I can then get to the firewall.  But once I enable it, my rules dont see to be working.  I spun up a quick instance of pfsense CE and it works fine with the same type rule I was trying to get working under opnsense.  Not sure where to go from here    Anyone else running opnsense on truenas scale?

8

22.7 Legacy Series / Re: WAN management issue

« on: August 19, 2022, 08:51:10 pm »

A screenshot of the outside rule.  Thanks

9

22.7 Legacy Series / WAN management issue

« on: August 19, 2022, 08:49:47 pm »

Hi, I am in the process of building a new server for my person colo and it will be running Truenas Scale and I wanted to run OPNsense for the firewall to protect a few VMs running on the scale machine.  I have the VM up and running fine along with the few different inside interfaces.  The challenge I am running into is I cannot get access to the web interface of OPNsense from the WAN interface (i have it renamed to outside in my environment).  This is a brand new install as of this morning of 22.7 with the latest updates inside.  The WAN interface sits on my home network currently (10.200.200.0/24) along with my home PC I am trying to access it from. 

To start on the console of the VM I did a pfctl -d and I could access the firewall fine.  I then went into the outside interface I made sure to disable the no rfc1918 rules and I also checked to make sure the management interface was enabled for all interfaces.  I then went into the WAN firewall rules and did a permit from my home network as a source with a destination of any tcp/443.   When I applied the rule it reenabled OPNsense and I could no longer get to the management gui.  I then disabled it again and tried changing the permit to any any and it still is not working.  This rule is only needed temporary while I configure the machine.  I could access it other ways for now but I want to make sure its not part of a bigger problem as the rule "should" be working from what I can tell.  I have been a long term OPNsense user for my home but the colo has been running a very old PAN firewall VM that has since expired license wise and I want to move to OPNsense.  Any pointers on what I could be missing?  In the logs its showing it is getting caught but the default deny / state violation rule.  My understand is that should process last if nothing else is matching.  Thanks!