Messages

1

24.1 Legacy Series / Re: upgrade to 24.1_1 orphaned Wireguard Plugin

« on: February 05, 2024, 08:22:30 am »

i see, they integrated the wireguard VPN by default

i deployed a fresh 24.1 in a VM to check

2

24.1 Legacy Series / upgrade to 24.1_1 orphaned Wireguard Plugin

« on: February 05, 2024, 08:00:09 am »

i see under plugins orphaned wireguard plugin but it's still working luckly.

3

24.1 Legacy Series / 24.1_1 upgrade Webgui not working after reboot

« on: February 04, 2024, 01:14:01 pm »

Hi folks, i have 3 running opnsense installations. i upgraded all of the from last 23.X to 24.1_1. 2 of them starts normally when issuing a rebbot, but one of them after the reboot dows not start the WebGui. i must login to ssh and select options 11 to restart all services to restore normail behaviour.

anyone has the same issue? anyone knows a fix for this?

Bests

4

23.1 Legacy Series / Re: WireGuard site to site NAT

« on: March 19, 2023, 02:33:40 pm »

ok. Fixed. i update initial post.

5

23.1 Legacy Series / Re: WireGuard site to site NAT

« on: March 19, 2023, 11:34:13 am »

ehm, ok, so how can i fix it?

6

23.1 Legacy Series / Re: WireGuard site to site NAT

« on: March 17, 2023, 04:45:24 pm »

if i nat an RDP Connection, i connect to site A Public ip, the connection arrives on the windows machine on site B as i see from the performance monitor. the only thing that's weird is that i see my public ip instead some internal network IP as source on windows.

to understand better what i see:

Source 1.1.1.1 (my pc ) to public site A ip 2.2.2.2 (Public IP) port 3389 ( site A tunnel ip 10.254.254.1/24)
Site B (10.254.254.254/24 tunnel ip) - 10.10.1.2 (Windows machine ip site B)

on resource monitor i see a connection from my 1.1.1.1 to 10.10.1.2 and the rdp does not connect as i bet is missing something to let packets be back? and this for me is weird.

even ping is not UDP ( Base for the tunnel that incapsulates all the others) is ICMP and it works correctly, as far as a traceroute shows packets from siteA shell going correctly through the wireguard tunnel to the siteB Windows Machine.

right now i do a nat in site A to the router public ip on site B then NAT to opnsense  then another NAT to the windows machine

 

7

23.1 Legacy Series / WireGuard site to site NAT

« on: March 17, 2023, 10:06:47 am »

Hi All,
i've set up two opnsense appliances.
Site A) Linode Vm ( No lan interfaces, wireguard vpn tunnel 10.254.254.0/24)
Site B) Local VM ( Many interfaces and wireguard tunnel 10.254.254.0/24)

In site A i have a public IP to reach the firewall like x.x.x.x/32

There's a tunnel working in wireguard with the networks pinging each other, tunnel IPs and from site A to the Machines behind the Site B opnsense like site A 10.254.254.1 can ping site B 10.10.1.2( vm machine)

what i want to make working is that like from port 8080 of the public ip site A can reach the machine 10.10.1.2 8080 on site B that exposes for example a website.

x.x.x.x:8080 <--> 10.10.1.2:8080

setting on site A:
interface: wan
tcp/ip: ipv4
protocol: tcp
destination: wan address
dest port range: 8080 to 8080
redirect target ip: 10.10.1.2
redirect target port: 8080
nat reflection: default

it's not working, or better, i see the tcp/ip connection being established to the remote service/ip on 10.10.1.2 but the service does not reply.

consider that the VM is in a network wheres a rule incapsulate the whole network traffic 10.10.1.0/24 -> any through the site to site tunnell and then goes to internet without any problems. basically checking from the VM what's my ip the remote website shows the linode x.x.x.x public ip.

i hope to had explain it enough to let someone understand and give me a tip to make this working.

The ABOVE, was my problem and now i will explain for me and for all for the future.

Use Manual Rule Generation on outbound nat, then:
Basically i fixed it by adding a NAT on the site A, where i say outbound interface Wireguard has to use it's interface address, and on the NET in Site B, where i say outbound NAT, use interface address. That's all

Cheers!!!

8

General Discussion / port forward on ovpn tunnell

« on: February 22, 2023, 11:31:18 am »

Hi Guys,
i have read lots of posts but can't solve the problem.

i have an opnsense in datacenter site A, where another opnsense site B making a site-to-site vpn.

Site B internet exit correctly through the ovpn tunnel and so exit from Site A to browse internet. both sides see each other correctly.

i want to open a port to site A wan IP, that will be redirected to a site B network port/ip.

if i use interfaces -> diagnostic -> port probe as source address WAN the connection goes timeout, instead using the tunnel ip interface from site A to IP Site B the connection suceed.

so when i try to reach the service, i see the established connection to the remote server but nothing happens.....

i did a simple port forward rule without success.

Site A - B Ovpn Tunnell 10.254.254.0/24
Site B Net 10.10.0.0/16