Topic: Issue when trying to forward an internet server's IP address to an intranet IP (Read 669 times)
gougere89
« on: January 23, 2023, 09:32:41 pm »
Hello,
My friend and I are running into an issue setting up a tunnel to redirect traffic from an OVH server to a Proxmox VM behind an OPNsense firewall.
Here is what we're trying to do:
1) The OVH server has 2 IP addresses. We want its additional IP to forward the traffic to a VM on a Proxmox server behind an OPNsense firewall.
2) We used different setups, with either GRE or WireGuard, set up either on the OPNsense or on the VM directly, but we're facing different issues.
For each protocol, we tried this configuration:
- 10.0.0.1 => OPNsense OR the VM directly
- 10.0.0.2 => The OVH server.
- 10.20.0.5 => The VM's IP address, in a LAN managed by OPNsense.
In the past I set up different configurations of the same type, but I didn't use OPNsense at the time. For the GRE example, I used this article as a base, where the "unfiltered IP" is my OVH server's main address and "filtered IP" the secondary address (used to forward the packets to the VM).
When setting up the GRE tunnel on OPNsense:
- 10.0.0.2 was able to ping 10.0.0.1
- but neither 10.0.0.1 nor the VM was able to ping 10.0.0.2
So we tried setting up a WireGuard tunnel instead.
The ping worked, but we couldn't find out how to:
a) forward packets received by 10.0.0.1 to 10.20.0.5
b) forward packets received by the server's secondary IP to 10.0.0.1 (it's a Linux server, so I tried the iptables approach given by the article linked above, but I get a timeout when trying to connect to the app hosted on the VM via the OVH server's secondary IP address)
We ended up trying to set up WireGuard on the VM directly (so the VM gets the 10.0.0.1 IP inside the tunnel), but we also face issue "b": we aren't able to redirect the traffic from the server to the VM. We're wondering if there's a rule (other than authorizing port udp/51820 for WireGuard) to configure in the OPNsense firewall.
My friend made a network graph:
The "debian" server is the OVH server, while the OPNsense and Proxmox ones are self-hosted.
Thank you in advance for your help, we can provide any necessary information.