Messages - wtelese

1
Virtual private networks / NAT 1:1 over IPSec
« on: January 19, 2023, 11:33:26 am »
Good morning,
Could you give me a hand with configuring a NAT 1:1 over IPSec?

Site A: Caller
Site B: OPNSense

OPNSense LAN 192.168.200.254
LAN IP Server 192.168.200.1 with Gateway 192.168.200.254

This is the situation
IPSec tunnel successfully created both Phase1 and Phase2
Internal LAN Site A - 172.17.50.192/28
Internal LAN Site B - 172.17.52.80/28

Site A calls via IP 172.17.50.206 the IP address 172.17.52.80 which must be natted 1:1 on the IP 192.168.200.1

I created a Virtual LAN address 172.17.52.80/28

Then I ran the following tests
TEST 1 - 1:1 NAT
Interface: WAN
ExternalIP: 172.17.52.80
InternalIP: 192.168.200.1/32
DestinationIP: Any

TEST 2 - 1:1 NAT
Interface: LAN
ExternalIP: 172.17.52.80
InternalIP: 192.168.200.1/32
DestinationIP: Any

TEST 3 - 1:1 NAT
Interface: LAN
ExternalIP: 172.17.50.206
InternalIP: 172.17.52.80/32
DestinationIP: Any

TEST 4 - 1:1 NAT
Interface: LAN
ExternalIP: 172.17.50.206
InternalIP: 172.17.52.80/32
DestinationIP: 192.168.200.1/32

Nothing works unfortunately ... and I can't figure out where I'm going wrong.
I read on some forums that the "Block bogon networks" and "Block private networks" items had to be disabled in the WAN interface ... I also removed those flags!

Unfortunately I still don't receive traffic from the IP 172.17.50.206 as expected!

Thanks to anyone who can help me.

2
Italian - Italiano / NAT 1:1
« on: January 19, 2023, 11:31:24 am »
Good morning,
could you give me a hand with the configuration of a NAT 1:1 over IPSec?

Site A: Caller
Site B: OPNSense

OPNSense LAN 192.168.200.254
Server LAN IP 192.168.200.1 with Gateway 192.168.200.1

This is the situation
IPSec tunnel created correctly, both Phase 1 and Phase 2
Internal LAN Site A - 172.17.50.192/28
Internal LAN Site B - 172.17.52.80/28

Site A calls, via IP 172.17.50.206, the IP address 172.17.52.80, which must be NATted 1:1 to the IP 192.168.200.1

I created a LAN Virtual address 172.17.52.80/28

Then I ran the following tests
TEST 1 - NAT 1:1
Interface: WAN
ExternalIP: 172.17.52.80
InternalIP: 192.168.200.1/32
DestinationIP: Any

TEST 2 - NAT 1:1
Interface: LAN
ExternalIP: 172.17.52.80
InternalIP: 192.168.200.1/32
DestinationIP: Any

TEST 3 - NAT 1:1
Interface: LAN
ExternalIP: 172.17.50.206
InternalIP: 172.17.52.80/32
DestinationIP: Any

TEST 4 - NAT 1:1
Interface: LAN
ExternalIP: 172.17.50.206
InternalIP: 172.17.52.80/32
DestinationIP: 192.168.200.1/32

Unfortunately nothing works ... and I can't figure out where I'm going wrong.
I read on some forum that the "Block bogon networks" and "Block private networks" items had to be disabled on the WAN interface ... I removed those flags too!

Unfortunately I still don't receive traffic from the IP 172.17.50.206 as expected!

Thanks to anyone who can help me.

3
Virtual private networks / Urgent if possible - IPSEC Nat - HELP!!
« on: November 17, 2022, 07:47:06 pm »
Hello everyone,
I have a customer that comes to my firewall with VPN IPSEC

SITE A -> WAN 1.2.3.4 LAN 192.168.2.0/24
SITE B -> WAN 4.3.2.1 LAN 172.10.50.80/28

Phase1 - OK!
Phase 2 - Customer - Site B is behind NAT and told me these parameters
REMOTE IP SITE B 4.3.2.1
PRIVATE SUBNET SITE B 172.10.50.80/28
REMOTE IP SITE A 1.2.3.4
PRIVATE SUBNET SITE A 172.10.52.80/28

In the Phase 2 these are the set parameters
LOCALNETWORK Network 172.17.52.80/28
REMOTENETWORK Network 172.17.50.80/28
Manual SPD Entries 192.168.2.0./24

After that I created a NAT One-to-One
TYPE NAT
EXTERNAL NETWORK 172.17.52.80/28
SOURCE NETWORK 192.168.2.0/24
DESTINATION NETWORK 172.17.50.80/28

BUT ... IT DOES NOT FUNCTION!!

In the log the error is

Quote
traffic selectors 172.17.52.80/28 === 172.17.50.192/28 unacceptable

Where am I going wrong? What is the wrong parameter?
Can you help me, please?

4
Italian - Italiano / IPSEC Nat - HELP!!
« on: November 17, 2022, 07:36:32 pm »
Hi everyone,
I have a terrible doubt ... I have a customer who connects to my firewall with an IPSec VPN

SITE A -> WAN 1.2.3.4 LAN 192.168.2.0/24
SITE B -> WAN 4.3.2.1 LAN 172.10.50.80/28

As for PHASE 1 there is no problem, IPSec comes up, while for phase 2, since SITE B is behind NAT, it is as if they presented themselves with LAN 172.10.52.80/28

In fact, the following error shows up in the LOG
Quote
traffic selectors 172.17.52.80/28 === 172.17.50.192/28 unacceptable

In phase 2 on SITE A (mine) I set the following
LOCALNETWORK Network 172.17.52.80/28
REMOTENETWORK Network 172.17.50.80/28
Manual SPD Entries 192.168.2.0./24

Then I created a NAT One-to-One
TYPE NAT
EXTERNAL NETWORK 172.17.52.80/28
SOURCE NETWORK 192.168.2.0/24
DESTINATION NETWORK 172.17.50.80/28

Where am I going wrong? Is there any kind soul who can help me? Thanks
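
Added example, not part of the original posts and not OPNsense code: a small Python check that parses the rejection line quoted in the two IPsec posts above and compares each selector with the Phase 2 networks listed there. It assumes the left-hand selector in the log is the local side and the right-hand one is the remote side; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: the log line quoted in the posts and the
# Phase 2 networks the posts say were configured on Site A.
LOG_LINE = "traffic selectors 172.17.52.80/28 === 172.17.50.192/28 unacceptable"
PHASE2 = {"local": "172.17.52.80/28", "remote": "172.17.50.80/28"}

# Captures one CIDR selector per side; a trailing [proto/port] is ignored.
TS_RE = re.compile(
    r"traffic selectors ([0-9A-Fa-f:.]+/\d+)\S* === ([0-9A-Fa-f:.]+/\d+)\S* unacceptable"
)


def parse_selectors(line):
    """Return (local, remote) networks from a selector rejection line.

    Assumption: left-hand selector = this gateway, right-hand = the peer.
    """
    match = TS_RE.search(line)
    if match is None:
        raise ValueError("not a traffic-selector rejection line")
    # strict=True rejects selectors that have host bits set.
    return tuple(ipaddress.ip_network(g, strict=True) for g in match.groups())


def compare(line, phase2):
    """List each side whose logged selector differs from the configured one."""
    logged = dict(zip(("local", "remote"), parse_selectors(line)))
    findings = []
    for side, net in logged.items():
        conf = ipaddress.ip_network(phase2[side], strict=True)
        if net == conf:
            continue
        # Two CIDR blocks are either nested or disjoint, never partly overlapping.
        if net.subnet_of(conf):
            relation = "narrower than"
        elif conf.subnet_of(net):
            relation = "wider than"
        else:
            relation = "disjoint from"
        findings.append((side, str(net), str(conf), relation))
    return findings


if __name__ == "__main__":
    for side, seen, conf, relation in compare(LOG_LINE, PHASE2):
        print(f"{side}: logged {seen} is {relation} configured {conf}")
```
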
