Messages - gtech1

#1
Thank you, that was indeed the issue! I had done it on the VPN name interface I created, not just 'OpenVPN'. Once I changed the source, bam, it worked - you rock!
#2
Here's what I have done/got working so far:

1. connected to remote vpn server using openvpn
2. added a route for my wanted network to go through the vpn: route add 1.2.3.4/24 10.8.0.5

this works. I can ping the remote network from the OPNSense box

now I want to do the same with the clients sitting behind OPNSense

I set up an outbound NAT rule that says all traffic through the openvpn interface to be natted.
This *works* except it NATs ALL traffic, not just traffic for 1.2.3.4/24

Is there a way to do this without having to specify all my wanted networks in the NAT rules?

I want only traffic through the OpenVPN interface to be natted
#3
High availability / HA with ESXi setup
April 03, 2024, 04:30:25 PM
Is there a guide on how to configure the interfaces in ESXi for CARP High Availability?

Right now I have the following on two nodes:

- WAN interface
- LAN interface
- CARP interface

the CARP interface under Security has :
Promiscuous mode : rejected
MAC address changes : allowed
Forged transmits : allowed

I have both boxes configured, it works, but I have to admit I never tested this and I can't figure out if Promiscuous mode should be allowed or rejected. By works I mean that one box is master for the VIPs and the other is on standby, the configs are getting synced, etc.