Messages

1

General Discussion / Re: Access LAN from WAN and/or certain subnet

« on: November 08, 2024, 09:01:03 pm »

looks like i only had to sleep on it

simple as that the solution is a NAT rule taken the idea of my home internet's router where i set a port forward rule so i can access my server from anywhere using public ip (rather dyndns) and a higher port that i forward to 192.168.0.2:22

in my case it looks like this


so i only can access the internal isolated server 10.250.0.200 port 22 from my physical computer xxx.xxx.160.185 using the opnsense server's wan address xxx.xxx.160.19 and port 20022

hope it helps others

2

General Discussion / Access LAN from WAN and/or certain subnet

« on: November 08, 2024, 09:14:59 am »

I'd like to access the LANfrom WAN and from WAN only.
I have tried a lot of combinations of NAT and Firewall rules now I'm getting burned out and just babbling around not sure what to do.
Strictly speaking I'd be fine if 1 IP from WAN (my pc) could access LAN network's 3389 and 22 ports.

OPNSense WAN IP is 192.168.160.19 and my pc is 192.168.160.185. The LAN network is 10.250.0.0/23 and the LAN IP is 10.250.0.1/23 the client in the LAN network is 10.250.1.2/23 gw 10.250.0.1 i can access the internet from LAN.

All on VMWare.

3

High availability / Sync OpenVPN Connection Status Sessions on HA

« on: October 23, 2023, 08:13:09 am »

Hi
The question is if how to synchronize openvpn / connection status / sessions when on HA ot make failover seamless without openvpn client even knowing that master failed over to backup.
I already make radius duo proxy think that it's authenticating against the carp wan vip so i think if both master and backup would have the session information of the vpn connection clients would stay connected in case of failover without user interaction / per say connection interruption.
In addition i have to say our node1 won't sync settings on demand we need to explicitly ask node1 to sync. But when we do that, the information above (vpn sessions) will not show up on node2.
Perhaps it's a nat/firewall rule I'm missing here?
Thanks

4

High availability / How to sync OpenVPN Connection Status Sessions with radius

« on: October 19, 2023, 02:24:22 am »

hi
we have here a pair of servers master/backup everything seems to be working fine.
However we cannot find a way to sync the connection status so when master fails and backup takes over all users get disconnected and have to renegotiate the duo key with their phones.
so on "master" say opnsense1.localhost under VPN / OpenVPN / Connection Status / Sessions there's a list of users who are connected. however on "backup" let's call it opnsense2.localhost there is a list of 0.
that said of course when master dies all the sessions get dropped and users get the duo notification on their phones.
so the question shorter: is there a way to sync "VPN / OpenVPN / Connection Status / Sessions" every reasonable time? (like 10-30-60 seconds)
thanks

once again: 2 servers, carps, vips, ha set up, 3 interfaces (wan, lan, sync) and openvpn with radius set up. seemingly all settings and rules sync but the openvpn status. firewall rule maybe?

thanks for the suggestions