LAN, WAN and VPN settings

Started by Singman, May 27, 2020, 12:26:27 PM

Hi,

I have a problem setting up a firewall / VPN.
Basically, two networks: a private one (LAN_P) and a corporate one (LAN_C). Only LAN_C has Internet access, and the goal is to give a customer on the Internet access to a computer in the private network, but the client is OPNsense and it should initiate the connection.
But I don't have access to LAN_P all the time, only for the setup. We are administrating everything from LAN_C, so I should give access to the GUI from LAN_C. That's the 1st difficulty.
Next, I think if I set up a VPN client from the interface on LAN_C to the external customer, I will lose control of OPNsense. That's the 2nd problem (or not?).
Fortunately, the hardware has 4 Ethernet ports, so I think I could do something like dedicating one interface to the VPN and another one to the GUI, both on LAN_C.

What do you think ?



Sounds like you need a site-to-site VPN to allow an unattended connection. OPNsense can be the server or the client using either IPSec or OpenVPN (easier).

The manual has a page on it: https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html

Bart...

May 27, 2020, 04:20:40 PM #4 Last Edit: May 27, 2020, 11:51:56 PM by Singman
You have not read my message...
The problem is not to set up the VPN, the problem is to give access to the Admin console to OPNsense GUI, without using a VPN.
I've tried many settings, including a NAT traversal, all my attempts are blocked by the deny rule.


Who should I trust ?

  • franco : Do a NAT from a high port like 12345 to LAN 443 - not working
  • ristridin : do a Firewall rule External IP/Host -> WAN address -> OPNSense 443 - not working
  • jwright : disable reply-to on WAN rules - not working
  • banym : change Mngmt port and open it from WAN - not working
I'm amazed by the number of answers to this very basic question (while pfSense is doing that in a very easy way) and none of them is working or provided with a simple step-by-step tutorial or picture, to avoid any errors.

BTW, my problem is still there.

Your admin console connects from WAN with an RFC1918 address from the corporate network. So you have to allow private RFC1918 addresses from WAN (it's a checkbox in the WAN interface configuration).

But why switching from pfSense when lucky and so much better? ::)
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR

RFC1918 and bogon networks already deactivated :)

And if ... I disable PF completely ?
I don't need the firewall part of OPNsense, just the router and VPN. My WAN (LAN corporate) is already secured by firewalls.

What do you think ?