Messages - quirkyferret

1
19.7 Legacy Series / Virtual IPs- Pingingable?
« on: December 08, 2019, 01:21:45 am »
I'm trying to set up a /29 as virtual IPs for my static IPs. The primary IP that I set as my WAN works, that's fine. But my virtual IPs don't seem to work. I've tried to set them up with both port forwarding/outbound, and 1 to 1 NATs. Neither seems to work. I've allowed ICMP through, and the WAN interface responds to pings, but the VIPs do not.

Are there any other steps I need to do other than setting up the VIP and assigning it to an interface to make it routable? I'd half love to think this is an issue with my ISP/modem not pushing them all through, but before I open a ticket with them I would like a more foolproof test or confirmation on the OPNsense side.

2
Tutorials and FAQs / Re: HOW TO OpenVPN OPNsense CLIENT DEAD SIMPLE
« on: September 23, 2019, 11:21:04 pm »
I had a VPN client set up in 18.6, upgrading broke it, and your tutorial helped me get things working.

However, it only works if I try to route ALL traffic through it. If I try to only route certain hosts through it, my other internet traffic breaks (because my VPN provider pushes routes that try to take all traffic). If I check 'don't pull routes', so that the OpenVPN client doesn't override my default routes, then I have no way of sending traffic to my VPN.

I know in the older version, I could put a rule that passed traffic from the WAN to the VPN gateway if it was the correct source, but now that the system doesn't recognize the VPN client as an interface or allow a gateway for it, any ideas?

3
Tutorials and FAQs / Re: HOWTO - Routing Traffic over Private VPN
« on: April 24, 2018, 01:31:24 am »
Following these instructions, I had this working in Jan., but then I wanted to bring on another interface and set up a DMZ. I then had some issue with traffic not routing appropriately. It looks like I'm not the only one who ran into something like this, reading through the last few pages. I disabled the VPN client, and got the second interface working.

I've decided I want to tackle this again, and ran through all the updates so I'm on 18.1.6. I can confirm the VPN client shows as up, and I've followed the rules, but now I apparently can't get any traffic out through the VPN. No matter what host I add (tried some VMs and some bare metal in case there was something weird I was missing), all traffic appears to hit my physical interfaces, rather than the virtual VPN interface.

edit: I missed a basic troubleshooting step. After a reboot, I could now send from my VPN alias out through the VPN.. along with all of my other traffic. Rereading the other issues people experienced, I experimented with the flags for 'don't pull routes' / 'don't add or remove routes'.

With 'don't pull routes' unchecked, and 'don't add or remove routes' checked.. everything appears to work. Though I'm not sure exactly how confident I am in this.

4
General Discussion / Setting up a DMZ, but traffic appears on the wrong interface
« on: April 10, 2018, 05:18:34 pm »
I feel like I'm missing something obvious since I can't find much on this.

I'm trying to set up a DMZ. OPNsense is deployed on a Protectli 6 port router. Everything works for my LAN setup.

I have also set up an OpenVPN client, following the instructions here: https://forum.opnsense.org/index.php?topic=4979 Everything works okay with this too. The OpenVPN interface is named 'IVPN', and it shows as OVPNC2 in interfaces, with all 0 for the MAC address.

I enabled a new physical interface as DMZ and set it as 192.168.2.1/24. I configured the DHCP server for it, and then created rules for the interface, cloning the 'allow any to any' rules for the LAN to test (using 8.8.8.8 as the DNS provided, if that makes a difference).

I plug a device into the port, and I see the link go from down to up in the dashboard. I confirm I'm pulling a DHCP address in the range, but I have no connectivity past the firewall. When I check the firewall logs, filtering for the IP of my test device, 192.168.2.101, I do see DNS traffic hitting the firewall, and showing as ALLOWED. However... it shows under the IVPN interface, not as the DMZ interface.

I've tested a few things: updating, deleting, rebooting, rebuilding, rebooting, and searched for tutorials on setting up DMZs. If I'm understanding it right, I don't need to create a gateway. None of the tutorials mention that, and I notice the LAN doesn't require one.. and it states I don't need to create routes between different interfaces under the route tab. What am I missing?


I'm also assuming that my connectivity issues are the traffic showing up on the wrong interface, but I suppose it's possible these are two separate issues. Any help would be greatly appreciated.

5
18.1 Legacy Series / OPNVPN client failover
« on: February 21, 2018, 01:45:52 am »
I followed the instructions https://forum.opnsense.org/index.php?topic=4979.0.

It works, but I have one tiny question that I don't see mentioned elsewhere in the forums. I'd like to force the traffic I have aliased to use the VPN to fail to reach the WAN if the VPN link fails. As it is, if I toggle the VPN down, the traffic continues over the public WAN.

Would this just be as simple as editing the last rule in step 9 to be alias VPN 'source invert' so that it does not direct traffic from the VPN outside?

I still also have the default any to any under the new rules. I didn't know if I'd also need to edit that same source invert in or just delete them. I see a bunch of ways I could take myself offline doing this, and I've already done that a number of times the past couple days.
