Mis config on the OpnSense AWS AMI

[veptune]

Hello,

So I have finally finished  struggling with OpnSense on AWS.

A few remarks :

- It seems the default gateway is automatically attached on the LAN interface, so NAT won't work. Go to system -> gateways -> Check "upstream gateway" on the WAN.

- On the AWS console, on the OpenSense instance, go to Action > Change Source / destination check > Make sure the "stop" checkbox is checked. And on each network inferface of the instanceAction -> Change source/destination check -> Make sure the checkbox is not checked

- I thought "Automatic outbound NAT rule generation (no manual rules can be used)" will be enough to have NAT on WAN but actually no. You have to select Hybrid Outbound and add  the rule.

- The weirdest stuff is about the firewall rules for  the LAN. Look at it :



It says : Default allow LAN to any rule but it does allow traffic for all, not only LAN. Or I guess this rule should be for the LAN interface, not the WAN...

In AWS, usually when the AMI is installed, it only has one interface. And Opensense detects it as WAN. And then you have to attach the LAN interface after.

Maybe because of this order, I got all of this mis-configuration.

Last remark : I thought the auto-generated rules on the WAN interface included rules to allow HTTPS and SSH but actually no..


I spent all my weekend on this...but OpnSense still great!