Messages - TooTired

#1
If my text drawing will not shift, then this is what I am trying to do.

WWW ------  Router -------- eth0 -------- Debian (host) -------\
                     Router ---- different server on Deb host--- \     \
WWW Client ---- Router (port forward) ---- br0 (eth1) ---- OPNsense VM --- OpenVPN

I need the VPN client to be able to access a separate server locally hosted on the Debian Host.  My understanding is that this cannot be done using interface TUN but it can be done using interface TAP.  I have done this in the past successfully with a Samba shared network drive.

If I can do this on TUN then I would love to understand how.
#2
Hi everybody!

I have installed OPNsense inside a VM and configured an OpenVPN server.  My client computers can connect successfully using the TUN interface and access the internet.  I need access to other resources on the host computers' network so I need a TAP interface.  I have changed the interface from TUN to TAP and my clients can connect through the VPN; however, they are unable to ping other devices on the host computers' network.

I suspect that I am having a lot of difficulty because I have not properly configured either firewall or routing rules using OPNsense.  I think that the trouble I have is moving away from editing simple server.conf and iptables (simple text files) to driving the OPNsense nice looking graphical interface.  I could not find any examples of how to configure is a lot more challenging to use than looking at a simple server.conf file and writing forwarding rules to iptables.

Could anyone provide an example of the firewall rules and iptables using the graphical interface?

I feel like it would be a big enhancement if OPNsense would load the server.conf and iptables routes inside a large text input object so I could read my full configuration and edit it using the existing web forms.

Thank you for any suggestions!
#3
I agree 100% with this post.  I have written a topic recently about my OPNsense VM that I want to use to grant external users access to locally hosted video game servers.  My configuration works really well with high throughput for dev tun however I need dev tap.  I can browse the web connected using dev tap however cannot ping my home network (or host machine) where the game server(s) will reside.

OPNsense seems like a nice all-in-one package until you start to use it.  Now rather than look at one simple server.conf file I have to look in a tree of webpages.  It's a lot more difficult.  As a matter of fact I have done something very similar in the past and I could essentially modify my existing server.conf however I cannot simply copy/paste it to OPNsense.
#4
General Discussion / OPNsense IPTables and OpenVPN
September 01, 2024, 05:59:48 PM
**** Apologies, I had originally written this post in "Tutorials and FAQ" so I encourage an Admin to delete that original post located here: https://forum.opnsense.org/index.php?topic=42568.msg210846#msg210846      *****

Hello!  :)

I want to configure a local gaming server hosted on my pc where my neighbors or relatives can connect to play classic games.  Games like Quake, OpenRA, etc.  I want my kids and relatives to see how games were when I was their age.

I want to use OpenVPN from within a virtual machine so that way when I allow a port forward (from my home router) it is to the VM rather than my host machine.  If I turn off the VM then there is no endpoint for the port forward and nobody can use my VPN unless I have the VM running.

My previous experience working with something similar was a XEN set up using Debian that I had configured for a business to remotely access network resources.  This worked very well but was my only time doing such a project and was about 10 years ago so I forget a lot.

Here is my approach:
* Host my OpenVPN server using OPNsense within a qemu/kvm virtual machine so that I can start / stop the vpn server by stopping the VM.

*********** What works ***********

So far I have OPNsense installed in a VM using Qemu/KVM, home router port forwarding to VM, OpenVPN configured on OPNsense.  The system works well as long as I am using TUN (not TAP).  I have between 50/20 Mbps throughput up/down.

**************  What does not work *************
Now the problem is that I need to configure TAP because my game server was not visible to clients using the TUN interface.  I can use my client to browse the internet but I have received errors in the log that "some routes were not successfully added.  The connection may not function properly" and I cannot access a LAN game server hosted on the VM Host computer.

This attached image shows my configuration that I have just changed from TUN (where it worked) to TAP (does not work).  Well... partially works. 

********************   What I do not understand *****************
Since OPNsense is really an all-in-one solution I do not understand where the GUI interface configuration options end if any manual configuration (text files) is necessary.  There are various resources about how to configure these text files (as I had done in the past) but I am confused by OPNsense because the terminal is limited.

I also see that for Linux there are some IPTABLES rules that must be added.  Since OPNsense is based upon FreeBSD then I assume that they need to be added.  Does OPNsense add these iptable rules automatically or is there some additional configuration needed from command line?  Should these rules be added to the VM or to the host, or both?

Something along the lines of:
-------------------- copy / paste from a different forum as an example ----------------------
    # Allow traffic initiated from VPN to access LAN
    iptables -I FORWARD -i tun0 -o eth0 \
         -s 10.8.0.0/24 -d 192.168.0.0/24 \
         -m conntrack --ctstate NEW -j ACCEPT

    # Allow established traffic to pass back and forth
    iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED \
         -j ACCEPT
-----------------------------------------------------------------

I appreciate any clarification to help me (not too technical speak please... my degree is not IT) understand where OPNsense GUI configuration ends, if I need to configure any text files via terminal, and how to use the TAP interface between VM / Host.