Topic: Port Forwarding through IPSEC Tunnel (Read 15843 times)
blueart
Newbie
Posts: 3
Karma: 0
Port Forwarding through IPSEC Tunnel
« on: May 23, 2020, 10:51:24 pm »
Hello Team,
first of all thanks for your great work.
Currently I'm running into an issue with Port Forwarding to a destination behind a VPN Tunnel.
We have a Firewall in our DataCenter Colocation which has an IPSec Tunnel with a VTI back to our Office Firewall.
Behind the Office Firewall is a Server which needs to be published to the Internet.
On the Office Firewall there is a Policy Based routing rule to forward all traffic from that Server via the Tunnel to the Datacenter.
If I'm opening a webpage or use speedtest.net I can see the correct public IP Address assigned from the NAT Pool on the Colocation Firewall.
Now if we open a port from the Colocation Firewall via Port Forward to the office Server, I can see the requests via Wireshark hitting the Colo Firewall, hitting the VPN Tunnel and the Office Firewall. So running a Packet Capture on the VTI Interface of the Office Firewall, I can see the traffic hitting the Firewall with that tunnel, but the traffic never leaves the tunnel and never gets to the server.
IPSEC Firewall rules on the VTI Interface:
IPSEC Firewall rules on the IPSec Interface:
If I replace the IPSec setup with an OpenVPN tunnel it works, but the performance is bad.
Colo Firewall: pfSense 2.4.5
Office Firewall: OPNsense 20.1.7
Thanks for reading and looking into it.
Best regards
Martin
« Last Edit: May 23, 2020, 11:47:01 pm by blueart »
blueart
Newbie
Posts: 3
Karma: 0
Re: Port Forwarding through IPSEC Tunnel
« Reply #1 on: August 23, 2020, 09:30:44 pm »
We did another test today with OPNsense 20.7, on OpenVPN as well as on IPSec; there is no way we can make this work.
Sadly this works perfectly with pfSense.
Are there any plans to get this functionality in OPNsense as well?
Best regards
fraenki
Full Member
Posts: 175
Karma: 29
Re: Port Forwarding through IPSEC Tunnel
« Reply #2 on: September 08, 2020, 02:27:26 pm »
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-binat.html
Have both of you considered this documentation?
AFAICT your attempts fail because you hit a known limitation related to "NAT before IPsec". The documentation contains workarounds and hints related to unsupported scenarios.
Regards
- Frank
Fixeon
Newbie
Posts: 2
Karma: 0
Re: Port Forwarding through IPSEC Tunnel
« Reply #3 on: February 28, 2021, 05:23:41 pm »
Hello,
I have the same problem. Any solution for this issue?
Regards
Jannik