Messages

1

18.1 Legacy Series / Re: 18.1.9 Static port does not work with RTSP server UDP mode

« on: June 09, 2018, 10:29:47 am »

I tried pfsense and face the same issue, and I worked with an experienced pfsense guy and determine it is a bug with pfsense, and it does not happen with old pfsense 2.3

Seems opnsense have this bug too since they share same code base?

https://forum.netgate.com/topic/131765/nat-problem-with-rtcp-server

2

18.1 Legacy Series / Re: Is this a bug?NAT port cannot be different?

« on: June 04, 2018, 05:39:47 am »

Actually I spoke too soon, it was working yesterday on UDP mode, but this morning it does not work. I rebooted the firewall and everything to confirm again, and it works on TCP, and not UDP. i started a new thread on it.

https://forum.opnsense.org/index.php?topic=8825.0

3

18.1 Legacy Series / 18.1.9 Static port does not work with RTSP server UDP mode

« on: June 04, 2018, 05:37:44 am »

Hi, I have RTSP server in my LAN. I can connect to it fine with TCP but not with UDP. I understand there is a source port rewrite which I must disable, however that is not working.





When I do a packet capture on WAN, I can see the TCP part going back but the UDP packets are going to a different (and wrong?) port.

4

18.1 Legacy Series / Re: Is this a bug?NAT port cannot be different?

« on: June 04, 2018, 02:39:33 am »

thanks for replying. I have another deployment using IPtables, which I could do this fine.

Btw, I posted to the wrong category, how can I move it?

5

18.1 Legacy Series / Is this a bug?NAT port cannot be different?

« on: June 03, 2018, 06:56:47 pm »

Hi, I'm running an RTSP server behind NAT. I find that using the same ports 554, it works but if I set the incoming ports to a different one, it does not work. Is that supposed to be so?

6

18.1 Legacy Series / IPSec Road Warrior received proposals inacceptable

« on: April 29, 2018, 08:53:17 am »

I've setup and open the firewalls following this opensense guide

https://docs.opnsense.org/manual/how-tos/ipsec-road.html

The tunnel setup I've followed this pfsense guide. This guide works when I setup on pfsense.

https://forum.pfsense.org/index.php?topic=127457.0

Mobile Client Phase 1
Key Exchange version V2

Phase 1 proposal
EAP-MSCHAPV2
My Identifier (Tried various settings, My IP Adrress, IPAddress,

I'm usin windows 7 to connect, imported the CA cert fine, and but I cannot connect. The log shows

Apr 29 14:38:16   charon: 14[NET] sending packet: from 192.168.1.239[500] to 192.168.1.99[500] (36 bytes)
Apr 29 14:38:16   charon: 14[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Apr 29 14:38:16   charon: 14[IKE] received proposals inacceptable
Apr 29 14:38:16   charon: 14[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256
Apr 29 14:38:16   charon: 14[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024

7

18.1 Legacy Series / Re: Cannot access internet from LAN

« on: April 24, 2018, 07:12:49 am »

I need to manully add NAT outbound rule to any to get it to work. The auto generated rule does not allow it.

8

18.1 Legacy Series / Re: Cannot access internet from LAN

« on: April 24, 2018, 07:09:15 am »

It's behind another router. Nope "Block private network" is unchecked.

The same setup works with pfsense VM fine, and both are fresh setup.  I configured the same way as pfsense.

9

18.1 Legacy Series / Cannot access internet from LAN

« on: April 23, 2018, 01:42:54 pm »

Hi, this is a new setup running on a VM (Xenserver) with 2 NICs.

I have setup one for WAN, one for LAN. From my LAN, I'm unable to access internet (ping 8.8.8.8 fails).

I have same setup running a fresh install of pfsense, have similar problem. I needed to add a firewall LAN rule to LAN net to access to get it working on pfsense.

pfsensefirewall.jpg

I see OPNSense have setup that rule automatically (nice), but the firewall logs shows it passes (e.g. 10.0.0X)

opnsense1.jpg
opnsense2.jpg
opnsense3.jpg

10

General Discussion / Single IP to multiple VM, non standard port

« on: February 26, 2018, 03:34:51 am »

Hi,

I'm new to OPNSense. I want to have one public IP, on listening port 554 which is served to multiple internal NAT VM. With port 80, we can use HAProxy, that is easy but my VM are serving RTSP video to port 554 so there is a TCP handshake followed by outbound UDP to port 554.

Something like this , is that doable with OPNSense.

https://raymii.org/s/tutorials/Proxmox_VE_One_Public_IP.html