Quote: Sorry, I don't understand how exactly this should work... Can you provide a detailed network diagram (devices, addresses, routes, ...) of your old setup where this worked? Are there any other services in this setting like portmapper? What is the exact role of your VPS (Now I remember this, but it is not mentioned in this thread!)? As said in other threads: Details are missing! You cannot assume that everyone knows your setup or that Patrick or I will always remember details posted across 3-5 threads.

This is why, with regret, even with private messages, I have had to stop trying to help. We keep getting single couple-liners to ask a question, but he has this convoluted setup that he fails to include on each thread. So everyone trying to help has to spend a lot of time to discover that in the end. Sorry OP, but you have been asked many times to include all of your setup. We're trying to help for free whilst holding day jobs. It's not fair to do it the way you are doing it so far.
Sorry, I don't understand how exactly this should work... Can you provide a detailed network diagram (devices, addresses, routes, ...) of your old setup where this worked? Are there any other services in this setting like portmapper? What is the exact role of your VPS (Now I remember this, but it is not mentioned in this thread!)? As said in other threads: Details are missing! You cannot assume that everyone knows your setup or that Patrick or I will always remember details posted across 3-5 threads.
+1. It could really be much easier to help and to understand the situation and the whole desired setup.
Plus, why someone who has to ask "how do I add a rule" is attempting such a supposedly unnecessarily complex and convoluted setup ...?
Firewall > Rules > WAN
Click on the "+" to add a rule. Add this rule:
Action: allow
Source: any
Destination: WAN address
Destination port: 443
That should be it. I would also go to Firewall > Settings > Advanced and check "Disable anti-lockout". I don't like "magic" things going on without explicit configuration.
Also, please start to read the documentation.
FWIW, I use a Wireguard connection to my OPNsense server and connect using that - I can then access the LAN interface for full management of the firewall if I need to. That seems to me to be the simplest solution to this problem.
FWIW means For What It's Worth (i.e. just my opinion). There's a page that describes how to install Wireguard on OPNsense here: https://docs.opnsense.org/manual/how-tos/wireguard-client.html
Follow those instructions and then set up a Wireguard client on your mobile phone or your home PC or whatever you use, then connect to OPNsense and you'll have full access to the LAN and to the OPNsense web interface on your LAN IP. It's not really that difficult to get running, and yes, I have incoming traffic to my internal servers.
CGNAT cannot be bypassed. You might want to check out zerotier for your VPN needs when the public side of the opnsense is unreachable. Alternatively, you should have a public IPv6 address, which should be reachable. Anyway, you should not expose the admin interface of your opnsense or any other firewall to the internet.
I think there are always problems with the translation here too, making it so hard to understand... "Bypassing" is the wrong word; I think he only wants to achieve that he can access OPNsense services via WAN. As said, this can be done easily by v6, but this is not "bypassing", it is just using another protocol...
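To make the difference between the two approaches in this thread concrete, here is an added example (not code from the thread or from the OPNsense project) that models first-match rule evaluation over a toy rule list and reports which management ports on the WAN address an arbitrary internet host can reach. It contrasts the "allow any to WAN address:443" rule suggested above with a rule set where the web UI is only reachable through a WireGuard tunnel interface, as the later posts recommend. The rule model, the interface names (`wan`, `wg0`), the `wanip`/`lanip` destination labels, the tunnel subnet, the probe address and the port list are all assumptions made for this example; they are not OPNsense's configuration format, and the model ignores protocol (TCP/UDP) for brevity.

```python
"""Added example: evaluate a tiny OPNsense-style rule list for admin-UI exposure.

The rule model, the probe address, the interface names and the port list are
assumptions made for this example; this is not OPNsense's config format.
"""
from dataclasses import dataclass
from typing import List, Optional
import ipaddress

# Ports a firewall's own management services commonly listen on (assumption).
ADMIN_PORTS = (443, 80, 22)

# Source address standing in for "anyone on the internet" (TEST-NET-2, constructed).
INTERNET_PROBE = "198.51.100.7"


@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "block"
    interface: str       # interface the rule is attached to: "wan", "lan", "wg0", ...
    source: str          # "any", a CIDR, or a single address
    destination: str     # "wanip" / "lanip" (firewall's own address on that interface) or "any"
    port: Optional[int]  # destination port; None means any port


def source_matches(rule_source: str, addr: str) -> bool:
    """True when addr falls inside the rule's source ("any", a CIDR, or an exact address)."""
    if rule_source == "any":
        return True
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(rule_source, strict=False)
    except ValueError:
        return False


def first_match(rules: List[Rule], interface: str, src: str, dst: str, port: int) -> Optional[Rule]:
    """First-match evaluation: rules are walked top-down and the first hit decides.
    Traffic that matches nothing on an interface falls to the implicit default deny (None)."""
    for rule in rules:
        if rule.interface != interface:
            continue
        if not source_matches(rule.source, src):
            continue
        if rule.destination not in ("any", dst):
            continue
        if rule.port is not None and rule.port != port:
            continue
        return rule
    return None


def admin_ports_exposed(rules: List[Rule]) -> List[int]:
    """Admin ports on the WAN address that an arbitrary internet host is passed to."""
    exposed = []
    for port in ADMIN_PORTS:
        hit = first_match(rules, "wan", INTERNET_PROBE, "wanip", port)
        if hit is not None and hit.action == "pass":
            exposed.append(port)
    return exposed


# The rule suggested in the thread: allow, source any, destination WAN address, port 443.
THREAD_RULES = [Rule("pass", "wan", "any", "wanip", 443)]

# A VPN-only alternative in the spirit of the WireGuard suggestion: the only thing
# passed on WAN is the tunnel's own UDP port, and the web UI is reachable solely on
# the tunnel interface from the tunnel subnet (subnet and port are constructed here).
VPN_RULES = [
    Rule("pass", "wan", "any", "wanip", 51820),          # WireGuard endpoint (UDP)
    Rule("pass", "wg0", "10.10.10.0/24", "lanip", 443),  # web UI from VPN peers only
]

if __name__ == "__main__":
    print("thread rule exposes:", admin_ports_exposed(THREAD_RULES))    # [443]
    print("VPN-only rule set exposes:", admin_ports_exposed(VPN_RULES))  # []
```

The check walks the rules exactly as a first-match packet filter would, so adding a narrower "allow from my home /32" rule above the broad one would change the result only for that source; the broad rule still exposes the port to everyone else, which is the point the later posts make about keeping the admin interface off the WAN entirely.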