Messages

1

24.1 Legacy Series / Re: Routing/NATing certain networks through VPN

« on: July 08, 2024, 04:34:25 am »

Thank you, that was indeed the issue! I had done it on the the VPN name interface I created not just 'OpenVPN'. Once I changed the source, bam, it worked - you rock!

2

24.1 Legacy Series / Routing/NATing certain networks through VPN

« on: July 07, 2024, 06:25:43 pm »

Here's what I have done/got working so far:

1. connected to remove vpn server using openvpn
2. added a route for my wanted network to go through the vpn: route add 1.2.3.4/24 10.8.0.5

this works. I can ping the remote network from the OPNSense box

now I want to do the same with the clients sitting behind OPNSense

I setup an outbound NAT rule that says all traffic through the openvpn interface to be natted.
This *works* except it NATs ALL traffic, not just traffic for 1.2.3.4/24

Is there a way to do this without having to specify all my wanted networks in the NAT rules ?

I want only traffic through the OpenVPN interface to be natted

3

High availability / HA with ESXi setup

« on: April 03, 2024, 04:30:25 pm »

Is there a guide on how to configure the interfaces in ESXi for CARP High Availability ?

Right now I have the following on two nodes:

- WAN interface
- LAN interface
- CARP interface

the CARP interface under Security has :
 Promiscuous mode : rejected
 MAC address changes : allowed
 Forged transmits : allowed

I have both boxes configured, it works, but I have to admit I never tested this and I can't figure out if Promiscuous mode should be allowed or rejected. By works I mean that one box is master for the VIPs and the other is on standby, the configs are getting synced, etc.