"
I just checked and it actually appears in the live log with the correct interface, but a Packet capture still doesn't see it.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
General Discussion / Re: Routed IPv6 Port Forward doesnt arrive on target interface
February 10, 2023, 10:20:23 PM #2
General Discussion / Routed IPv6 Port Forward doesnt arrive on target interface
February 10, 2023, 02:09:26 PM
Im currently forwarding a couple of ports on a gateway in front of the OPNSense.
The OPNSense is supposed to just route the packets.
When trying to forward a port via IPv6 and running a packet capture, i can see the traffic arrive on the source interface (WAN2) with a DNAT, but it never shows up on the target (LAN) interface.
If i cheat and use SNAT on the external GW aswell then it arrives perfectly fine at the target.
Setup:
Public IPv6 WAN2: 2001:8d8:XXX
Private IPv6 WAN2: FC00::BBA:1
OPNSense IPv6 WAN2: FC00::BBA:2
OPNSense IPv6 LAN: FC00::AAB:1
Target IPv6: FC00::AAB:F0
FW Rule (Interface WAN2) is attached as a screenshot
Update: forgot to mention WAN2 is a Wireguard Link
The OPNSense is supposed to just route the packets.
When trying to forward a port via IPv6 and running a packet capture, i can see the traffic arrive on the source interface (WAN2) with a DNAT, but it never shows up on the target (LAN) interface.
If i cheat and use SNAT on the external GW aswell then it arrives perfectly fine at the target.
Setup:
Public IPv6 WAN2: 2001:8d8:XXX
Private IPv6 WAN2: FC00::BBA:1
OPNSense IPv6 WAN2: FC00::BBA:2
OPNSense IPv6 LAN: FC00::AAB:1
Target IPv6: FC00::AAB:F0
FW Rule (Interface WAN2) is attached as a screenshot
Update: forgot to mention WAN2 is a Wireguard Link
#3
General Discussion / Re: Problems using Gateway in rules
February 07, 2023, 03:55:14 PMIt still reproduces the same error.
If i create a Gateway Rule pointing "any" from the source IP to the Gateway, then connections that get INITIATED on the source IP get routed through the Gateway.
So while i was writing this i realized the "reply-to" field on the FW Rules.
Setting that to the correct gateway for replies works.
#4
General Discussion / Problems using Gateway in rules
February 07, 2023, 12:45:36 AM
I currently have a couple of Firewall Rules setup with an OpenVPN Gateway.
I'm trying to move my OpenVPN Configs over to WireGuard.
When setting up everything and changing the Gateway in the rules to the WireGuard one, it doesn't work.
Running an Packet Capture (and also observing the logs with log enabled) it seems like the OPNSense completely ignores the rules and still pushes it out to the OpenVPN gateway.
1 Rule in Question in Attachments
I'm trying to move my OpenVPN Configs over to WireGuard.
When setting up everything and changing the Gateway in the rules to the WireGuard one, it doesn't work.
Running an Packet Capture (and also observing the logs with log enabled) it seems like the OPNSense completely ignores the rules and still pushes it out to the OpenVPN gateway.
1 Rule in Question in Attachments
Pages1
