18.1 Legacy Series / Help! Cannot access WebGUI and NAT reflection after setting up IPSec site to sit
« on: April 25, 2018, 04:42:29 am »
So, I followed a tutorial to enable IPsec tunneling between two of my sites (this https://www.youtube.com/watch?v=2IdV4CgHo3w&feature=share is the actual tutorial; it's for pfSense, but the workflow is obviously very similar to the official OPNsense tutorial https://wiki.opnsense.org/manual/how-tos/ipsec-s2s.html). The only new firewall rule I put in was for UDP to be passed from the specific hostname of the second site coming in to the WAN side (to be honest, only for port 500; I forgot to do 4500/hadn't gotten there yet). I put together the Phase 1 and Phase 2 stuff in IPsec, hit save and enabled the IPsec service. This is when WebGUI access on the LAN side quit.
Now, I cannot get to the WebGUI on the LAN side for either site; I can, however, use the WAN IP to get to the WebGUI. This is a problem for one of the sites because there are 80 and 443 port forward rules to a web server, which is why I need help.
And site to site isn't working either...but one problem at a time.
I don't understand what I did that would adjust the behavior of being able to access the WebGUI on the LAN side for both sites. I'm a little confused on what I can do to get WebGUI access behaving like it should.
I don't think SSH is enabled, but I have access to the physical machines so I could use shell.
Is there any way to disable IPsec from the command line so I can get back to testing/tweaking this setup?
Is there any specific reason that NAT reflection would suddenly become disabled once IPsec is enabled (albeit incorrectly configured)?
Do you have any suggestions?


but it's strange that nothing else seems to work when they are... Any ideas?