OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of d4rkd3n1337 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - d4rkd3n1337

Pages: [1]
1
24.7 Production Series / Re: GRE over NAT
« on: August 25, 2024, 12:07:16 pm »
so, I'm trying start iperf with udp, (iperf3 -c server.behind.tunnel -u -b 120M) and get 120Mbit\s (of course with losses, its UDP). But I don't understand yet, where do I need to set MSS? In the firewall settings (normalization) or on the gates with GRE? or both (OPNsense with GRE, OPNsense with NAT GRE and Cisco with GRE)?

2
24.7 Production Series / Re: GRE over NAT
« on: August 25, 2024, 11:35:30 am »
Good idea. But, it is globally, right? On GRE sites (cisco\opnsense mtu set to 1476)
From here, I have next question - where natting GRE, we decrement MTU?

3
24.7 Production Series / GRE over NAT
« on: August 25, 2024, 11:07:05 am »
Hello, guys. I really hope that there are experts among you.
I have next setup:
First site:
OPNsense edge gate\fw (ISP public ip, for example 1.1.1.1) (DMZ ip: for example 10.1.1.1)
Cisco Router in DMZ with tunnels (GRE) interfaces: 10.1.1.2

Second site:
OPNsense edge gate\fw (ISP public ip, for example: 2.2.2.2)

I have working GRE tunnel by scheme:
S2 OPNSense -> MyOPNSense ->  (NAT GRE) -> Cisco
by this scheme I have ~60-80mbit troughpout
Today, for testing I made GRE tunnel in local network (vm to cisco), and I get over 600mbit!
Maybe, in OPNsense have settings for GRE over NAT? Because it's very strange.
What can bottleneck?

Ex configs:
Cisco:
interface ga0/0 - ip address 10.1.1.2/24 (DMZ)
interface Tunnel2
(GRE) ip address 10.0.91.1/30
(GRE) tunnel source 10.1.1.2
(GRE) tunnel destination 2.2.2.2

S2 OPNsense:
em0 (WAN, public ISP, anyway...) - ip: 2.2.2.2
gre0:
source - 2.2.2.2
destination - 1.1.1.1
gre local 10.0.91.2/30

If need, I can provide more info
And sorry for my bad english

4
24.1 Legacy Series / NAT Reflection for remote (not directly attached) network
« on: May 20, 2024, 09:57:49 pm »
Hello, folks

I see in mans that NAT reflection works only for directly attached networks.

I have next scheme:
OPNsense gate, watching to WAN network and have LAN network (10.1.1.0/24).
Cisco gate, one port attached to 10.1.1.0/24 and hame self networks (172.16.1.0/24 etc)

with nat reflection I perfectly can connect to WAN_IP:80/443 etc from any host 10.1.1.0/24
but from remote local net (ex. 172.16.3.0/24) I cant reach WAN_IP.

What manual rule I must create in outbound NAT?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2