OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of ja133 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - ja133

Pages: [1]
1
24.7 Production Series / ipv6 over VLAN that tunnels traffic over WG
« on: November 15, 2024, 01:15:31 pm »
Hi everyone, I've been trying for several weeks but cannot crack this case

Scenario:
  • Wireguard VPN with "disable routes" checked
  • VLAN 100. All traffic connected to VLAN 100 should tunnel through the WG VPN

I have this working with ipv4, once the client connects to VLAN 100, it picks up an IPv4 within that subnet, and v4 traffic is successfully routed over the VPN. Unfortunately, when it comes to ipv6, I am about to break my head.

I do not want to configure Track Interface because I do not want to pick up ipv6 from the local ISP. I am also open to the idea of having all tunneled ipv6 traffic use the interface ipv6 address on the remote side, rather than having each client advertise its own ipv6 address.

If someone can point me in the right direction, I would greatly appreciate it

I think the first step right now is to at least get the client to pick up an ipv6 via DHCP. From there it sounds like I just need to make sure I have the correct Rules in place (to use the WG gateway for ipv6 traffic), and possibly an outbound NAT rule.

Thank you in advance

2
General Discussion / Re: Connected to VPN, unable to take advantage of rules using VTI gateway
« on: July 07, 2023, 02:08:06 pm »
Thank you. After running a packet capture I realized that the issue was unrelated to MTU. I had to create an outbound NAT rule. Source is the WG subnet, destination is the alias I created, and NAT address is the OPT interface address associated with the VPN.

3
General Discussion / Connected to VPN, unable to take advantage of rules using VTI gateway
« on: June 23, 2023, 04:51:05 am »
Hello, long time lurker, first post. I moved over from pfSense a few months ago and couldn't be happier!

Anyhow, one small issue. I am hosting my own VPN server with both OpenVPN and Wireguard and I experience the same issue on both services. I also have a VTI with Wireguard (but already tried changing it to IPSec, and experienced the same exact issue)

Under the firewall rules (both openVPN and WG), I created a rule to route a specific alias over the VTI. When trying to access the alias from the VPN, the page tries to load. I get the favicon, but eventually it just times out.

Copy the exact same rule but under the LAN interface, and it works perfectly when accessing from my home network

Sounds like an MTU issue to me, and I've played around with it but no luck. Any other suggestions?

Thank you

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2