OPNsense
Topics - jafinn

1
20.1 Legacy Series / IPv6RD broken again?
« on: February 02, 2020, 01:19:52 am »
I just spun up a fresh instance of 19.7 and IPv6RD worked. Upgraded to 20.1 and can't get an IP anymore. Anyone else got it working?

2
19.1 Legacy Series / Port forwarding through VPN
« on: June 25, 2019, 11:01:32 pm »
Port forward behind VPN

I made a similar post a while back when I used PIA and couldn't get it to work. I switched to Mullvad (they let you keep a fixed port) and got it working straight off the bat. I had some computer issues (non OPNsense related) and had to set everything up from scratch. Now I can't get it working anymore..


I've set up the VPN client, assigned it an interface and that works as it should. I've set up a rule on the LAN interface:

Pass
LAN Interface
IPv4
Any protocol
VPN alias source
Any destination
Any port
VPN Gateway

I've got a rule below that on the LAN interface to block traffic when the VPN client is down:

Block
LAN interface
IPv4
Any protocol
VPN alias source
Any destination
Any port
Default gateway

So far so good, when I down the VPN client the traffic is blocked.


I then have manual outbound NAT:

VPN interface
IPv4
Any protocol
VPN alias source
Any destination
Translation/target interface address


For the port forwarding I've tried multiple ways but this is the current one


Firewall: NAT: Port forward

VPN interface
IPv4
TCP/UDP
Any destination
Destination port alias (Port opened at Mullvad)
Redirect to single host IP
Redirect to target port HTTP
NAT reflection on
Add associated filter rule


I've set up an Nginx server listening at the end just to make it as simple as possible. Locally it works (with the NAT reflection) but no response from external network or remote port checkers. I can see the packets being allowed through the firewall directed to the correct LAN IP but it's like they don't get routed back out the correct way.


I've tried making a manual rule for NAT under the VPN interface and as a floating rule. Any suggestions would be highly appreciated.

3
19.1 Legacy Series / [SOLVED] IPv6RD working but not able to detect external IP?
« on: February 18, 2019, 09:38:55 pm »
I'm not sure if this is an issue or if I'm just misunderstanding something.

I've got IPv6 set up and it's working fine. I can ping6 google.com and I can access ipv6.google.com just fine from any device on my network. IPv6 test sites also report everything fine.

So today I decided to include my IPv6 in my DNS. I've got a CNAME pointed at DuckDNS which works fine for IPv4 but fails for IPv6 with "Aborted IPv6 detection: no address for re1"

When checking the WAN interface (Interface widget and Interfaces -> Overview) it does in fact seem like it doesn't have a global IPv6, just a link-local address. The LAN interface has a global address.

I can however ping6 google.com just fine from my WAN interface, it also shows me the WAN IPv6 address.

--- google.com ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 16.717/16.789/16.884/0.070 ms


So, shouldn't OPNsense show that the WAN interface does in fact have an IPv6 configured or is it just something misconfigured at my end?

4
18.7 Legacy Series / SOLVED: Troubleshooting port forwarding
« on: January 23, 2019, 08:55:20 pm »
I'm actually not quite sure where to start troubleshooting this and could use some guidance to get started.

I've had port forwarding on my OPNsense box working now for years. I haven't touched the rules but might have touched some other setting.. The port forwards are to multiple machines on my network so it is unlikely that I messed up all of them at the same time:)

I've tried the really basic stuff, rebooting, removing and adding the rule. I could of course try to roll back but I've changed a lot of settings in HAproxy and the LetsEncrypt plugin so that's mainly what's in my history.

Local IP:port works so the machines respond on LAN. My WAN address also responds as long as I'm connected to my LAN but not from WAN.. So the rule works with NAT reflection but not NAT? This is what puzzles me, why does it work internally but not externally?


Can anyone spot an obvious mistake? This one for example for Plex



And my advanced firewall settings

