Topics

1

General Discussion / LAN THROUGH IPSEC VPN

« on: April 06, 2019, 02:21:28 am »

Hi,

I have two OPNSENSEs, and they are directly connected, FW2 is connected to the Internet. I expected that LAN on FW1 could access the Internet through a IPSEC link between FW1 and FW2. Here's what I've done:

1. establish the IPSEC between FW1 and FW2;
2. raise a default route 0.0.0.0/0 from FW2 to FW1 in IPSEC;
3. add LAN from FW1 to the NAT rules on FW2;

And it worked fine. I could use the PC under FW1 to access the internet without any problem!

But here's the problem, when I can't to access the FW1 using PC under FW1. When I packet captured on FW2， I found all the pkgs from PC to FW1 are routed to FW2! Could anyone help me to get this work? Any hints would be greate, many thanks!

PC:192.168.0.10/24
FW1 LAN:192.168.0.1/24
FW1 WAN:192.168.40.10/24
FW2 LAN:192.168.40.1/24
FW2 WAN:10.1.2.3/22

2

Chinese - 中文 / ipsec vpn路由问题

« on: April 06, 2019, 02:08:49 am »

大家好，我遇到了一些问题需要大神帮助。

我设置了两台防火墙 FW1,FW2

FW1 LAN:192.168.0.0/24
FW1 WAN: 192.168.40.0/24
FW2 LAN:192.168.40.0/24
FW2 WAN: 10.2.3.4

需求是期望FW1的LAN通过IPSEC VPN与FW2相连，并通过FW2上网；
目前的现象是VPN能够建立，而且也能够通过FW2上网；
但是所有FW1的LAN中的主机都无法直接与其网关通信；
在FW2上抓包发现所有的流量都走到了FW2上，也包括FW1中LAN与网关的通信；
请问有什么办法能让FW1中的LAN主机与网关的通信留在内网不走IPSEC啊？

3

General Discussion / How can I use radius to make certain IP addresses free from accounting?

« on: November 21, 2018, 01:55:15 pm »

Hi. I just recently set a website on eth1 from the OPNsense, and I also activated captive portal and radius accounting on eth2 for the guest users. How can I make the radius just accounting for the traffic from the guests to the WAN without the traffic to the eth1?

Cheers

4

Chinese - 中文 / 关于radius的问题

« on: November 21, 2018, 01:50:45 pm »

大家好，我是新人，问题是这样的：
我在opnsense上的eth0接口部署了一个网站，在eth1口开启了captive portal和radius计费，请问如何能够让radius或者opnsense对于来自于eth1口访问eth0口网站的流量不计费而只对访问wan的流量计费？