Messages

1

General Discussion / [Solved] VPN IPSEC site to site with virutal networks

« on: July 23, 2024, 12:26:07 pm »

Hello, i solved my issue by reading this guy's post :

https://www.reddit.com/r/OPNsenseFirewall/comments/hrdzti/nat_not_working_with_ipsec_vpn/

2

Virtual private networks / Re: [SOLVED] Outbound NAT to IPSEC tunnel

« on: July 17, 2024, 11:50:37 am »

Hello , i read your post on reddit, i was wondering if you could help me find a solution to my problem , i have the same issue , i've added the SPD entries and everything , the one to one NAT is correctly configured , the only difference that i have is that my WAN network isn't what i put inside the VPN tunnel in phase 2 , i have two virtual networks that needs to communicate in phase 2 ( 10.100.100.0/24 <--------IPSEC--------> 10.200.200.0/24 ), i don't know what i'm doing wrong , but if you have any idea , please share it !!

3

General Discussion / Re: One to One NAT/Port Forward to Virtual IP in a LAN interface

« on: July 16, 2024, 10:02:02 am »

Hello , i'm having the same issue , did you find a solution to your problem ?

4

General Discussion / Re: VPN IPSEC site to site with virutal networks

« on: July 15, 2024, 02:13:01 pm »

it's okay, thank you for your help , you really helped me alot , in the opnsense , it keeps blocking the RDP traffic :

5

General Discussion / Re: VPN IPSEC site to site with virutal networks

« on: July 15, 2024, 09:11:56 am »

when i sniffed packets using wireshark , this is what i see :

6

General Discussion / Re: VPN IPSEC site to site with virutal networks

« on: July 12, 2024, 02:21:56 pm »

Quick update , the ICMP works, but when i try RDP , it doesn't work , i have a question , does the BINAT do PAT ?

7

General Discussion / Re: VPN IPSEC site to site with virutal networks

« on: July 12, 2024, 10:45:52 am »

Hello again ,

It worked from the stormshield to the OPNsense :

<a href="https://ibb.co/qMDt3JL"><img src="https://i.ibb.co/SX6h4fD/Capture.png" alt="Capture" border="0" /></a>
but not from the OPNsense to stormshield !

8

General Discussion / Re: VPN IPSEC site to site with virutal networks

« on: July 11, 2024, 04:44:55 pm »

Hello,

thanks for the document , it worked !

9

General Discussion / Re: VPN IPSEC site to site with virutal networks

« on: July 11, 2024, 03:25:23 pm »

Also , because we got alot of VPN tunnels in our stormshield firewall , we have to create virtual networks in order to avoid ip adress conflict

10

General Discussion / Re: VPN IPSEC site to site with virutal networks

« on: July 11, 2024, 03:23:49 pm »

Hello , thank you for your answer,

I need to NAT because the two networks are behind a virutal Network :

| 192.168.2.0/24 | -------------- (Stormshield [virt: 10.100.100.0/24]) ====ipsec==== (Opnsense[virt: 10.200.200.0/24]) -------------- | 192.168.100.0/24 |


in my case my LAN 192.168.100.0/24 has to be behind the network 10.200.200.0/24 ,

First i wanna know if it's possible to do it in opnsense because i tried to do it with Stormshield and it worked perfectly , and if it's possible how could we do it ( create the virtual network and apply the nat rules to translate from the virtual network to the local network )

11

General Discussion / Re: VPN IPSEC site to site with virutal networks

« on: July 02, 2024, 03:49:15 pm »

Can anyone who knows how take time to answer?
i would really appreciate it !

12

General Discussion / VPN IPSEC site to site with virutal networks

« on: June 28, 2024, 04:02:44 pm »

Hello Forum,

I hope you're doing well.

I need some information about configuring an IPsec VPN on an OPNsense firewall.

I created an IPsec tunnel with a Stormshield firewall using virtual networks, but I'm unable to test the VPN tunnel. I don't know how to create virtual IP addresses and attach them to a physical interface using NAT in OPNsense. There are three types of NAT in OPNsense, and I'm unsure which one to use: NAT 1:1, outbound NAT, or port forward NAT.

I need your help to understand what I'm doing wrong. On the Stormshield firewall, I created a virtual network, which is preceded by a physical network. On the OPNsense firewall, I didn't create a virtual network, but I added it in the IPsec Phase 2 configuration.

Can you guys give me an idea of the NAT and filtering configurations that i should add in the opnsense.

Here's what the VPN tunnel looks like:


| 192.168.2.0/24 | -------------- (Stormshield [virt: 10.100.100.0/24]) ====ipsec==== (Opnsense[virt: 10.200.200.0/24]) -------------- | 192.168.100.0/24 |


This is what i'm trying to test:

Ping from 192.168.100.0/24 to 10.100.100.0/24 , i have created an object in stormshield network , that is NATTED to a physical ip address 192.168.2.201/24, but i don't know how to do the same thing in opnsense for a physical machine !

Thank you for your time guys !