22.1 Legacy Series / OPN on Hetzner vSwitch w/public subnet, natted VMs can't browse internet
« on: July 26, 2022, 12:42:32 pm »
Good morning forum, I'm trying to integrate OPN (latest stable) as a firewall on my XCPNG (xen) cluster on Hetzner but cannot get VMs behind it to browse the web.
Some tech stuff: on Hetzner, each physical host is connected to a vswitch (vlan) with a public subnet bound to it (https://docs.hetzner.com/robot/dedicated-server/network/vswitch/). So, in a guest VM, if we attach its interface to the vswitch/vlan (MTU 1400) and give it an IP from the public subnet, the VM can browse with this new public IP (tested, working).
The problem: I made the same exact configuration for the WAN side of the OPNsense instance with some VMs connected to the LAN (behind NAT), and those VMs can only ping/resolve external addresses but get a timeout when browsing the internet. Tried reset, pfctl -d, reviewing the ruleset, but nothing seems to help.
Any hint? Thank you
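Given the MTU 1400 vswitch mentioned in the post, one check a practitioner would run from a VM on the OPNsense LAN is a path-MTU probe with the DF bit set, to see what packet size actually reaches the outside; this script is an added example, not code from the post or from OPNsense, and the target host 1.1.1.1, the Linux iputils ping flags (-M do, -s, -W) and IPv4/TCP header sizes are assumptions.

```shell
#!/bin/sh
# Added example (not from the forum post): find the largest ICMP echo that
# passes with DF set from a LAN VM to an external host, report the implied
# path MTU and the TCP MSS that would fit it. Assumes Linux iputils ping.

TARGET="${TARGET:-1.1.1.1}"   # assumed external probe target

# TCP MSS that fits an IPv4 MTU: MTU minus 20-byte IP and 20-byte TCP headers.
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# probe SIZE: succeed (exit 0) if an echo with SIZE bytes of payload and the
# DF bit set is answered; failure means the size is dropped somewhere on path.
probe() {
    ping -c 1 -W 2 -M do -s "$1" "$TARGET" >/dev/null 2>&1
}

# Binary-search the largest passing payload between lo and hi (defaults: 0 and
# 1472, the full-1500 case) and print the path MTU (payload + 8 ICMP + 20 IP).
find_pmtu() {
    lo=${1:-0}; hi=${2:-1472}
    if probe "$hi"; then echo $(( hi + 28 )); return; fi
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe "$mid"; then lo=$mid; else hi=$mid; fi
    done
    echo $(( lo + 28 ))   # lo is the largest payload that still passed
}

# Run the probe only when invoked as "sh pmtu.sh run", so sourcing is side-effect free.
if [ "${1:-}" = "run" ]; then
    pmtu=$(find_pmtu)
    echo "path MTU toward $TARGET: $pmtu (TCP MSS that fits: $(mss_for_mtu "$pmtu"))"
fi
```

A result below 1500 with no ICMP "fragmentation needed" reaching the LAN hosts is the classic sign of a PMTU black hole, which is what MSS clamping on the WAN interface compensates for.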