Messages - maxxer

#16
19.7 Legacy Series / Re: NATting OpenVPN -> IPSec
March 02, 2020, 03:46:37 PM
Solved with a simple Outbound NAT
#17
19.7 Legacy Series / NATting OpenVPN -> IPSec
February 25, 2020, 03:04:53 PM
Hi.
I've an established IPSec tunnel going from our LAN to a remote network. Then I have an OpenVPN tunnel for accessing our LAN from outside. I need to NAT OpenVPN network to the IPSec tunnel, because I cannot manage the other endpoint to add a new network.

In pfSense I added a second P2 entry with the OpenVPN subnet and I was able to NAT it to the LAN address. In OPNsense I understand I need to use BiNAT, but I must have missed something.

On IPSec I added a manual SPD entry with the OpenVPN net.
In Firewall > NAT > One-to-One I added an entry with OpenVPN NET as External, and firewall's LAN IP as Internal IP. Any as destination.

But this way it's not working. What's wrong?

Thanks
#18
I've set up IPv6 via Tunnelbroker GIF interface. IPv6 is working fine for the LAN, outgoing connections are fine and ping6 from firewall and from LAN clients is ok. But I cannot make it work the other way around. I'm trying to access the firewall over IPv6 but it doesn't work, neither via https nor OpenVPN server. Actually neither traceroute6 nor ping6 to the firewall LAN address (routed /64 from Tunnelbroker) works. I'm not even able to ping the GIF IPv6 address (while it works for the server endpoint).

I've enabled IPv6 ICMP on LAN and GIF interfaces with * destination. At this point I'm not sure if it's a firewall config problem or elsewhere... Any hint would be welcome! Thanks
#19
19.7 Legacy Series / Re: Syslog receiver/server
December 17, 2019, 01:12:10 PM
Ok, thank you for the feedback
#20
19.7 Legacy Series / Re: Syslog receiver/server
December 11, 2019, 06:33:56 PM
Thanks. This is not really a security endpoint, just a middle firewall, so I don't bother much about security in this specific situation.

You say it's still not possible, right? I'd better turn to a standard distro and set up the services I need there, shouldn't I?

Thanks again
#21
19.7 Legacy Series / Syslog receiver/server
December 11, 2019, 10:02:51 AM
Is it possible to enable OPNsense as a syslog receiver for other devices in the LAN? I found everything for sending logs outside, but not for being a syslog server.

Thanks
#22
Hardware and Performance / Dual SSID on Atheros 6280
November 13, 2018, 03:20:03 PM
Hi

I've done some searches but couldn't figure out definitely: is it possible to have a dual SSID for an Atheros 6280 card? We've bought a Celeron N2930 based board with the above chipset, which if I got it right should support dual SSID. We would like to have a 2.4 and a 5GHz network.

From what I understand pfSense doesn't support this feature but OPNsense should. I've tried configuring wifi on the latter (latest version downloaded yesterday) but when creating the second WIFI interface it returns an error, saying it's probably not supported by the driver or the chipset.

Is this expected to work?
Thanks
#23
18.1 Legacy Series / Re: MultiWAN and FTP
July 19, 2018, 10:30:36 PM
Quote from: namezero111111 on July 19, 2018, 07:29:12 PM
maxxer, we setup two failover pools for subranges so that they get bound to one gateway.
What do you mean exactly? Two gateway groups?
#24
18.1 Legacy Series / Re: MultiWAN and FTP
July 19, 2018, 03:13:49 PM
Did you fix FTP with multiwan?
#25
Hi.
I've set up a new system with 18.1.12. We have 3 WANs, set up following the guide on the docs. I've also enabled Unbound DNS resolver to provide better DNS to the LAN.

Unfortunately sometimes the DNS is not responding, and so far I was unable to track down the problem and understand where it comes from.

As per the guide I've set up a DNS for every WAN (google and opendns), and if I go to Interfaces > Diagnostic > DNS lookup it always works fast (even for 127.0.0.1). But if from the PC where I perform the test via web I try a dig it returns timeout! I repeat the dig command two or three times, always returning timeout! Then, suddenly, I run dig once more and it returns the result immediately.

I've configured the firewall DNS rule (chapter 5 of the guide above), even if I don't exactly understand why it's needed: if the DNS IP is the firewall address, why should a LAN connection use the gateway?

Any hint on how to debug the problem is very welcome. Thanks
#26
18.1 Legacy Series / Re: IPsec connected but no traffic
February 06, 2018, 06:15:49 PM
Is it normal that the IPsec remote network is routed through the WAN gateway? This is what is shown in System > Routes > Status!
#27
18.1 Legacy Series / Re: IPsec connected but no traffic
February 06, 2018, 11:34:31 AM
Quote from: elektroinside on February 06, 2018, 10:42:27 AM
There's some useful info here: https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html
Maybe you'll find something there?
Thanks. I had seen that link, but I checked and I have done what it says. In fact the tunnel seems established!

Looks like a problem with the routes...
#28
18.1 Legacy Series / IPsec connected but no traffic
February 06, 2018, 09:51:24 AM
Hi. I'm new to OPNsense, I'm replacing an existing pfSense installation.

I replicated all the configurations and everything seems ok, I'm struggling a bit with VPNs.
Right now I'm trying to restore IPsec tunnels. Everything seems ok (from the status page), but I cannot reach the remote network. In Firewall > IPsec I've enabled all the traffic, just for testing.

From the status page the P2 is INSTALLED and Routed, but still I cannot ping any host of the remote endpoint, neither from the LAN nor from the firewall itself.

Any hint?
Thanks