"
Hello all,
I am very new using OPNsense, so please keep this in mind.
Currently I am facing an issue which is driving me mad.
Scenario:
- Route based (VTI) IPSEC tunnel
- LAN: 172.30.0.0/24
- Remote Nets which should be reached through the tunnel: 80.250.131.0/24 and 80.250.136.0/22
So far so good. I have set up the tunnel, which is working.
I have a Virtual Tunnel Interface like this:
Local address: 172.30.255.4 (OPNSense running on Azure, this is the Untrusted NIC with public IP)
Remote address: 1.2.3.4 (obfuscated)
Tunnel local address: 10.112.1.1
Tunnel remote address: 10.112.1.2
I have also setup routes accordingly.
So far all of this is working. Traffic is being sent through the tunnel.
Now for the catch: Remote wants me to use SNAT, so my connections through the tunnel should originate from 172.19.221.0/24
To do this, I have set up One-to-One NAT like this:
- Interface: IPSEC10
- Type: BINAT
- External Network: 172.19.221.0/24
- Source: 172.30.0.0/24
- Destination: Remote Nets mentioned above
With this setup, I get super weird behaviour. The traffic gets blocked and allowed by the same firewall rule at the same time. I have attached screenshots.
Currently I have no clue what is going on and how to fix this, hopefully someone can help me. Like I mentioned, I am very new to OPNSense. I am happy to provide logs etc, but I may need some guidance on how or where exactly to export them if needed. :)
I am very new using OPNsense, so please keep this in mind.
Currently I am facing an issue which is driving me mad.
Scenario:
- Route based (VTI) IPSEC tunnel
- LAN: 172.30.0.0/24
- Remote Nets which should be reached through the tunnel: 80.250.131.0/24 and 80.250.136.0/22
So far so good. I have set up the tunnel, which is working.
I have a Virtual Tunnel Interface like this:
Local address: 172.30.255.4 (OPNSense running on Azure, this is the Untrusted NIC with public IP)
Remote address: 1.2.3.4 (obfuscated)
Tunnel local address: 10.112.1.1
Tunnel remote address: 10.112.1.2
I have also setup routes accordingly.
So far all of this is working. Traffic is being sent through the tunnel.
Now for the catch: Remote wants me to use SNAT, so my connections through the tunnel should originate from 172.19.221.0/24
To do this, I have set up One-to-One NAT like this:
- Interface: IPSEC10
- Type: BINAT
- External Network: 172.19.221.0/24
- Source: 172.30.0.0/24
- Destination: Remote Nets mentioned above
With this setup, I get super weird behaviour. The traffic gets blocked and allowed by the same firewall rule at the same time. I have attached screenshots.
Currently I have no clue what is going on and how to fix this, hopefully someone can help me. Like I mentioned, I am very new to OPNSense. I am happy to provide logs etc, but I may need some guidance on how or where exactly to export them if needed. :)
