19.7 Legacy Series / Port Forwarding issues and VPN passthrough issues
« on: January 09, 2020, 05:47:18 pm »
I'm having two issues:
#1 Trying to port forward a non-reserved port to SSH (port 22) on a bare-metal box inside the FW. Externally I can see "connection established", but I'm not seeing any authentication attempts in the logs on the Linux box. Reviewing OPNsense logs, I see that it is supposedly forwarding the packets. The same setup was previously working when the same hardware I put OPNsense on was running Sophos, so I do not believe it to be an issue on the Linux box end.
#2 A client system inside is trying to connect externally via Cisco VPN. It establishes the connection, but I cannot connect to any services on the other side of the VPN. Using my phone to tether and bypass OPNsense, everything works fine.
OPNsense notes:
I have NOT enabled "Block bogon" or "Block private" on either WAN or LAN.
I have set NAT outbound to "manual" only for testing, but this has not helped.
This part is important: I NEED TO BE ABLE TO RUN IN HYBRID NAT OUTBOUND TO ENABLE NAT-PMP! However, this automatically enables ISAKMP, which can interfere with VPNs, as I have read.
I have three WAN rules enabled and no LAN rules (aside from allow all on the LAN side):
- spamhaus_drop
- spamhaus_edrop
- GeoIP
I have disabled the outbound rules for testing; however, it has not fixed the problems.
I humbly beg for assistance here, as my Google-fu and forum searches over the past couple of days have resulted in the same suggestions (already tried above), which haven't fixed the issues.
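For issue #1, "connection established" only tells you that a SYN-ACK came back; it does not tell you that sshd on the internal box ever saw the connection. sshd sends its identification string ("SSH-2.0-...") right after the handshake, before any authentication, so a probe that connects and then waits for that string separates "the forward delivers packets to sshd" from "something completed the handshake but the service never answered", which is exactly the symptom of no auth attempts in the Linux box's logs. The script below is an added example written for this thread, not code from the original post or from OPNsense. The hostname, port and timeout values are assumptions, and the fake peers it starts are constructed purely to exercise each outcome on the loopback interface.

```python
"""Added example: tell 'TCP connected' apart from 'sshd actually answered'
on a forwarded port. Not part of the original forum post; host/port values
are assumptions for illustration."""
import socket
import sys
import threading

SSH_PREFIX = b"SSH-"


def probe_ssh(host, port, timeout=5.0):
    """Connect to host:port and classify what came back.

    Returns one of:
      'banner'        - TCP connected and an SSH identification string arrived
      'other_service' - TCP connected, something answered, but it is not SSH
                        (the forward may point at the wrong host/port)
      'no_banner'     - TCP connected but nothing arrived before the timeout,
                        or the peer closed silently: packets are not reaching
                        an sshd that can reply, so no auth attempts get logged
      'refused'       - a host answered with RST; nothing listens on that port
      'timeout'       - no SYN-ACK at all (dropped or blackholed)
      'error'         - other socket error (name resolution, unreachable, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                return "no_banner"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"
    if not data:
        return "no_banner"
    return "banner" if data.startswith(SSH_PREFIX) else "other_service"


def start_fake_peer(reply):
    """Constructed test peer on 127.0.0.1: sends `reply` after accept, or stays
    silent (like a forward whose packets never reach sshd) if reply is None.
    Returns the ephemeral port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            if reply is not None:
                conn.sendall(reply)
            else:
                try:
                    conn.recv(1)  # block until the prober gives up and closes
                except OSError:
                    pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_local_port():
    """Constructed: reserve and release an ephemeral port so nothing listens on it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Assumed usage: python3 probe_ssh.py <wan_ip_or_name> <external_port>
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(f"{host}:{port} -> {probe_ssh(host, port)}")
```

Run it from outside the WAN against the public address and the non-reserved external port. If it reports `no_banner` while the OPNsense firewall log shows the forward matching, the next thing to check on the firewall itself is whether the redirected SYN actually leaves the LAN interface and whether the SYN-ACK comes back through it (for example with `tcpdump -ni <lan_interface> tcp port 22`, interface name being whatever your LAN is called); a forward that matches but whose reply takes a different path looks exactly like this from the outside.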

