Tunnel ports from public server through OPNsense to host

Started by ChrisVH1982, September 15, 2021, 09:59:26 AM

September 15, 2021, 09:59:26 AM Last Edit: September 15, 2021, 10:09:46 AM by ChrisVH1982
Hello,

Since I changed my ISP, I no longer have direct access to my home network because of IPv6. To solve this problem, I got myself an IONOS VPS-S server with IPv4 address, which I would like to connect to OPNsense and forward needed ports like HTTP to my systems.
I have to admit that I am an absolute beginner when it comes to OPNsense, so please bear with me. The IONOS server with its IPv4 address is in place and the OPNsense firewall is prepared and available on my network. Can someone briefly explain to me the steps needed to set up a tunnel between the two and forward, for example, port 80 from the IONOS server to OPNsense? I have read about autossh from OPNsense to the IONOS server, but also WireGuard and OpenVPN... What is the best and "easiest" way?
I have DS-Lite so the IPv4 I am receiving from my ISP is not usable and I won't switch everything to IPv4. Therefore I require an alternative entry point such as a public server with its IPv4 address.

I guess you could create a site-to-site VPN and then configure fw rules on the public server to forward or proxy specific traffic to the backend services through the tunnel.

So e.g. use OpenVPN (or better WireGuard?) to connect from OPNsense to the IONOS server running CentOS?
Can I forward ports from the IONOS server through the tunnel, or do I need to get these somehow from OPNsense?

Something like that. You should be able to port forward, though if using WG take note of this

The alternative for a website is to set up a reverse proxy on your public server to proxy to the local webserver

To be honest I was hoping to get directed to a step-by-step guide by somebody who's facing the same issue. I am not the first one facing this issue.

Like...
1. Install WireGuard / OpenVPN
2. Set up WireGuard / OpenVPN like this...
3. Install counterpart on public server
4. Configure counterpart server
5. Establish the tunnel
6. Forward port XYZ like this...

Someone who has implemented something like it might weigh in. Otherwise there is always google. The first hit I found was https://reposhub.com/python/security/mochman-Bypass_CGNAT.html

Thanks for the link. Google can't help when you are missing the right keywords.
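The site-to-site tunnel plus port forward sketched in the replies (and the six steps the asker lists) written out as an added example; this is not configuration from the thread, from OPNsense or from IONOS. It generates the VPS-side WireGuard config that forwards one public TCP port through the tunnel to the OPNsense peer, the matching peer settings for the OPNsense end, the nginx server block for the reverse-proxy alternative mentioned above, and a checker for two misconfigurations that widen exposure. The tunnel addresses (10.200.0.0/24), the interface name eth0, the listen port 51820 and every key are assumed placeholders; port 80 is the port the question asks about.

```shell
#!/bin/sh
# Added example, not from the thread or from OPNsense: generates the VPS-side
# WireGuard config that forwards one public TCP port through the tunnel to
# OPNsense, plus a checker for two common misconfigurations. Every address,
# interface name and key below is an assumed placeholder.

VPS_PUBLIC_IF="eth0"        # assumed public interface on the VPS
VPS_WG_ADDR="10.200.0.1"    # assumed tunnel address, VPS end
OPN_WG_ADDR="10.200.0.2"    # assumed tunnel address, OPNsense end
WG_PORT="51820"
FORWARD_PORT="80"           # the single public port being exposed

# /etc/wireguard/wg0.conf on the VPS. OPNsense sits behind DS-Lite and dials
# out, so the VPS has no Endpoint for its peer. PostUp adds exactly one DNAT
# rule; MASQUERADE on wg0 makes replies from the home side return through the
# tunnel instead of leaving via OPNsense's own WAN (asymmetric routing).
vps_wg_conf() {
  cat <<EOF
[Interface]
Address = ${VPS_WG_ADDR}/24
ListenPort = ${WG_PORT}
PrivateKey = <VPS_PRIVATE_KEY_PLACEHOLDER>
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -t nat -A PREROUTING -i ${VPS_PUBLIC_IF} -p tcp --dport ${FORWARD_PORT} -j DNAT --to-destination ${OPN_WG_ADDR}:${FORWARD_PORT}
PostUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostUp = iptables -A FORWARD -i ${VPS_PUBLIC_IF} -o wg0 -p tcp --dport ${FORWARD_PORT} -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -o ${VPS_PUBLIC_IF} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D PREROUTING -i ${VPS_PUBLIC_IF} -p tcp --dport ${FORWARD_PORT} -j DNAT --to-destination ${OPN_WG_ADDR}:${FORWARD_PORT}
PostDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -D FORWARD -i ${VPS_PUBLIC_IF} -o wg0 -p tcp --dport ${FORWARD_PORT} -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -o ${VPS_PUBLIC_IF} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

[Peer]
# OPNsense end. A /32 here means the home side cannot push any other
# source address through the VPS.
PublicKey = <OPNSENSE_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = ${OPN_WG_ADDR}/32
EOF
}

# Matching settings for the OPNsense end (entered in the OPNsense WireGuard
# GUI; shown in wg-quick syntax for comparison). AllowedIPs is only the VPS
# tunnel address, so the LAN's default route is untouched. The port forward
# from the WireGuard interface to the internal web server is then added under
# Firewall > NAT > Port Forward in OPNsense.
opnsense_peer_conf() {
  cat <<EOF
[Interface]
Address = ${OPN_WG_ADDR}/24
PrivateKey = <OPNSENSE_PRIVATE_KEY_PLACEHOLDER>

[Peer]
PublicKey = <VPS_PUBLIC_KEY_PLACEHOLDER>
Endpoint = <VPS_IPV4_PLACEHOLDER>:${WG_PORT}
AllowedIPs = ${VPS_WG_ADDR}/32
PersistentKeepalive = 25
EOF
}

# Reverse-proxy alternative: nginx on the VPS terminates HTTP and proxies to
# the home web server over the tunnel. Used instead of the DNAT PostUp lines
# above (both at once would hand port 80 to the DNAT rule before nginx).
vps_nginx_conf() {
  cat <<EOF
server {
    listen 80;
    server_name <YOUR_HOSTNAME_PLACEHOLDER>;
    location / {
        proxy_pass http://${OPN_WG_ADDR}:${FORWARD_PORT};
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$remote_addr;
    }
}
EOF
}

# Checks a VPS config read from stdin. Rejects a peer allowed to source any
# address (0.0.0.0/0 would let the home side relay arbitrary traffic via the
# VPS) and any config exposing more than the one DNAT rule asked for.
check_vps_conf() {
  conf=$(cat)
  if printf '%s\n' "$conf" | grep -q 'AllowedIPs = 0.0.0.0/0'; then
    echo "peer AllowedIPs must be a single host, not 0.0.0.0/0" >&2
    return 1
  fi
  dnat_rules=$(printf '%s\n' "$conf" | grep -c 'PostUp = .* -j DNAT ') || true
  if [ "$dnat_rules" -ne 1 ]; then
    echo "expected exactly one DNAT rule, found $dnat_rules" >&2
    return 1
  fi
  return 0
}

# Usage on the VPS (wireguard-tools installed):
#   vps_wg_conf > /etc/wireguard/wg0.conf && chmod 600 /etc/wireguard/wg0.conf
#   vps_wg_conf | check_vps_conf && wg-quick up wg0
```

Because only the OPNsense tunnel address is forwarded to, the VPS firewall never needs a route into the home LAN; the last hop from the tunnel to the web server is OPNsense's own port forward, where the usual OPNsense firewall rules still apply. On a CentOS host the iptables lines run through the iptables-nft compatibility layer if native iptables is not installed.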