Messages - tcb

#1
Hi,

thanks for your reply!

This is a site2site IPSec tunnel.

It's a Windows DNS-Server behind an OPNSense at one end of the tunnel.
The client is on the other side of the tunnel behind a draytek vigor router.

#2
Hi,

I am trying to reach a dns server through my IPSec tunnel, but it seems like something is blocking the connection.

Resolve-DnsName : test.local : DNS name does not exist
At line:1 char:1
+ Resolve-DnsName -Name test.local -Server 192.168.20.254
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (test.local:String) [Resolve-DnsName], Win32Exception
    + FullyQualifiedErrorId : DNS_ERROR_RCODE_NAME_ERROR,Microsoft.DnsClient.Commands.ResolveDnsName

Resolving from within the local network works just fine:

Resolve-DnsName -Name test.local -Server 192.168.20.254

Name                                           Type   TTL   Section    IPAddress
----                                           ----   ---   -------    ---------
test.local                                     A      60    Answer     10.10.20.1
test.local                                     A      60    Answer     10.10.20.1

I disabled DNSMasq and unbound on the firewall.

I am not sure where to start debugging.

Any help to get me into the right direction would be great.

Thanks in advance!
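The two outcomes worth telling apart in a case like the one above are "the tunnel or firewall dropped the query" (no response at all, a timeout) and "the server answered, but with a negative answer" (RCODE 3, NXDOMAIN, which is what DNS_ERROR_RCODE_NAME_ERROR denotes). The following is an added example, not code from this thread or from OPNsense: a small raw-UDP probe that builds a DNS query, sends it to a chosen server and classifies the reply by header RCODE, so the result can be compared from both sides of the tunnel. The server address 192.168.20.254 and the name test.local are taken from the post; the sample response bytes are constructed for offline demonstration, and the assumed transport is plain UDP/53 (no TCP fallback, no EDNS).

```python
"""Minimal DNS reachability probe: distinguishes a dropped query (timeout)
from a negative answer (NXDOMAIN) or an empty positive answer.
Added example; not part of the original forum thread."""
import socket
import struct
import sys

# RFC 1035 response codes; anything else is reported numerically.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def build_query(name, txid=0x1234, qtype=1):
    """Build a minimal recursive-desired query (default: A record) for `name`."""
    # Header: ID, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME as length-prefixed labels, terminated by a zero-length label
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def parse_header(response):
    """Return (txid, rcode, answer_count) from a DNS response header."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    return txid, flags & 0x000F, an


def classify(response, expected_txid):
    """Map a response to a short verdict string."""
    txid, rcode, an = parse_header(response)
    if txid != expected_txid:
        # A reply whose ID does not match our query is not an answer to it.
        return "MISMATCHED_TXID"
    if rcode == 0 and an == 0:
        return "NOERROR_NODATA"  # name exists, but no record of the asked type
    return RCODES.get(rcode, f"RCODE{rcode}")


def probe(server, name, timeout=3.0):
    """Send one UDP query and return a verdict; 'TIMEOUT' means nothing came back."""
    txid = 0x2A2A
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "TIMEOUT"
    return classify(data, txid)


# Constructed sample: a response to our test.local query with QR=1, RD=1, RA=1,
# RCODE=3 (NXDOMAIN) and no answer records.
SAMPLE_NXDOMAIN = (b"\x12\x34\x81\x83\x00\x01\x00\x00\x00\x00\x00\x00"
                   b"\x04test\x05local\x00\x00\x01\x00\x01")

if __name__ == "__main__":
    # Offline demonstration on the constructed sample ...
    print("sample response ->", classify(SAMPLE_NXDOMAIN, 0x1234))
    # ... and a live probe, defaulting to the values from the post.
    server = sys.argv[1] if len(sys.argv) > 1 else "192.168.20.254"
    name = sys.argv[2] if len(sys.argv) > 2 else "test.local"
    print(f"{name} @ {server} ->", probe(server, name))
```

Run it once from the local network and once from the far side of the tunnel. A TIMEOUT on only the remote side points at the tunnel phase-2 selectors or firewall rules; an NXDOMAIN on both sides means the packets arrive and the server itself is giving the negative answer, so the zone data or the server the query actually reaches is the thing to inspect.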
#3
General Discussion / CPE VPN device behind OPNSense
December 13, 2024, 11:27:33 AM
Hi,

I need to add a CPE device for an SD-WAN solution behind our OPNsense. Certain networks of remote branches need to be routed through this device. It should have just limited access to the internet and be isolated from other devices. It's connected to two individual ports on OPNsense.

My approach would be to create 2 independent networks on these two NICs: 192.168.100.1/24 and 192.168.101.1/24. The CPE would have 192.168.100.2/24 on WAN and 192.168.101.2/24 on LAN. I would then set firewall rules to allow traffic. I need to set routes to reach remote networks through the CPE.

Does this make sense? Is there any simple way of doing it? What would your approach be? What should I take care of in terms of config and security best practice?

Thanks for all comments and recommendations!

Regards