24.1 Legacy Series / Request: Please Allow Tunnel Interfaces to Be Assigned IPs or at Least Gateways
« on: February 24, 2024, 06:43:14 am »
Hello!
I wanted to leave this suggestion, though more of a personal request, for the developers. Could you please reconsider how tunnel interfaces (WireGuard for example) are treated when it comes to assigning a static IP address to them?
The reason for this request is needing to have OPNsense automatically generate Outbound NAT rules for the VPN tunnel gateway. Normally, on any other interface, I would simply assign a static IP and then manually select the gateway that should be used. Unfortunately if I try that on a tunnel interface I am greeted with the following error:
"
The following input errors were detected:
Cannot assign an IP configuration type to a tunnel interface.
"
If I try leaving the IP address field alone and just set a gateway I get the additional error: The field IPv4 address is required.
My network setup is very similar to this Reddit thread: https://www.reddit.com/r/PFSENSE/comments/11x60g2/wantowireguardtolan_replyto_bug/?rdt=39763
In my case I'm using VPS hosting (mix of OPNsense and pfSense FWs) to act as a port forwarding front end with a WG VPN tunnel that links to my local OPNsense FW. For the port forward routing to work properly there need to be outbound NAT rules so that port forwarded traffic flows back out through the VPN tunnel. While I could manually create the outbound rules it would be extremely messy given the number of interfaces I have.
As it stands currently I have to:
- Export my configuration.
- Find the tunnel interface in question.
- Add the following line to the interface: <gateway>GATEWAY_NAME_GW_IPv4</gateway>
- Then re-import the configuration. For the re-import I just select the interfaces.
For my sanity and possibly others it would be nice to have the ability to set a static IP, or at the very least assign a gateway, to tunnel interfaces from the OPNsense GUI.
Sincerely,
SgtKilgore406
P.S.
This topic is the result of me pulling my hair out the last 3+ hours troubleshooting why my port forwarding stopped after the 24.1 upgrade on my local FW. (Everything else upgraded without issue by the way, great job on this release!)
P.S.S.
I originally started my firewall journey with pfSense, and have about a decade of experience with it. I am currently almost 2 years into my OPNsense journey and really like what it has to offer. I know pfSense allows tunnel interfaces to be assigned IP addresses and I think that would be a nice feature for OPNsense to have as well.
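The export, edit, re-import workaround from the post can be scripted; the following is an added example, not part of the original post and not OPNsense code. It assumes the exported file has an `<interfaces>` section whose children each carry an `<if>` device name; the sample config, the `opt3` key and the `wg0` device are constructed for illustration, and `GATEWAY_NAME_GW_IPv4` is the placeholder from the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed export with one LAN and one WireGuard interface.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<opnsense>
  <interfaces>
    <lan>
      <if>igb1</if>
      <descr>LAN</descr>
      <ipaddr>192.168.1.1</ipaddr>
    </lan>
    <opt3>
      <if>wg0</if>
      <descr>VPS_TUNNEL</descr>
      <enable>1</enable>
    </opt3>
  </interfaces>
</opnsense>
"""

def set_tunnel_gateway(config_xml, device, gateway_name):
    """Set <gateway> on the single interface whose <if> equals `device`.

    Returns (new_xml, interface_key, previous_gateway). Raises ValueError
    rather than guessing when the device is missing or ambiguous.
    """
    root = ET.fromstring(config_xml)
    interfaces = root.find("interfaces")
    if interfaces is None:
        raise ValueError("no <interfaces> section in config")
    matches = [n for n in interfaces if (n.findtext("if") or "").strip() == device]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one interface on {device}, found {len(matches)}")
    iface = matches[0]
    gw = iface.find("gateway")
    previous = gw.text if gw is not None else None
    if gw is None:
        gw = ET.SubElement(iface, "gateway")  # the line the post adds by hand
    gw.text = gateway_name
    return ET.tostring(root, encoding="unicode"), iface.tag, previous

if __name__ == "__main__":
    new_xml, key, old = set_tunnel_gateway(SAMPLE_CONFIG, "wg0", "GATEWAY_NAME_GW_IPv4")
    print(f"{key}: gateway {old!r} -> 'GATEWAY_NAME_GW_IPv4'")
    print(new_xml)
```

Diff the output against the original export before re-importing, so the only change going back onto the firewall is the added `<gateway>` element.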