How to access the OPNsense GUI from WAN?

Started by novel, December 04, 2023, 11:38:26 AM

December 06, 2023, 01:19:38 PM #30 Last Edit: December 13, 2023, 09:32:00 PM by novel
Quote from: tiermutter on December 06, 2023, 01:06:25 PM
"have not" could mean that v6 is not activated, but does not mean that your provider will not provide v6. ;)
Sure your provider will not provide v6?

My connection doesn't have IPv6. I have one other connection with IPv6, but I don't have access to his router. He gave me only the wifi password. How can I pass IPv6 from the wifi to my OPNsense? I tried yesterday but I didn't find a solution. I set IPv6 to SLAAC to get an automatic IPv6 address, but it didn't work.

It is again impossible to follow and to imagine what your setup looks like.
Please (again) provide full information about your actual and desired setup.
Please do not describe this in words, but with a graphical network diagram as already asked for in Post #9.

i am not an expert... just trying to help...

December 06, 2023, 02:11:05 PM #32 Last Edit: December 13, 2023, 09:32:21 PM by novel
Quote from: tiermutter on December 06, 2023, 01:41:02 PM
It is again impossible to follow and to imagine what your setup looks like.
Please (again) provide full information about your actual and desired setup.
Please do not describe this in words, but with a graphical network diagram as already asked for in Post #9.

I hope my diagram helps you. It is not very good... I am sorry. If you want any more information, I will give it to you. Thank you.

Fine :)
There are some things I don't understand....

WAN (Internet) to Router: Wifi connection? Really? How exactly do we have to imagine that?
Router: What does this device do? Type and OS? Does it do any firewalling or NAT?
Raspi: I know this from other threads... in the past you used it as VPN gateway, but now you use OPNsense as client and VPN gateway, don't you?
Public IP from VPS: Does your VPN client really have a public IP on its interface assigned by WG server? Or does it simply mean, that traffic routed through VPN is originated from public WG IP (NAT)?
i am not an expert... just trying to help...

I use opnsense with a wifi stick as the WAN interface for traveling. Doing fine for years here... :-D
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

I am aware of situations where WIFI is used for WAN uplink, but for this case it is better to ask twice ;)
However, then there is also info about the endpoint missing...
i am not an expert... just trying to help...

December 06, 2023, 09:32:11 PM #36 Last Edit: December 06, 2023, 10:05:37 PM by novel
Quote from: tiermutter on December 06, 2023, 02:22:52 PM
Fine :)
There are some things I don't understand....

WAN (Internet) to Router: Wifi connection? Really? How exactly do we have to imagine that?
Router: What does this device do? Type and OS? Does it do any firewalling or NAT?

The router runs as a router. It can be in bridge mode. It is Ubiquiti.
WAN: it is a private IP. My router gets internet through wifi with NAT.


Raspi: I know this from other threads... in the past you used it as VPN gateway, but now you use OPNsense as client and VPN gateway, don't you?

I moved the VPN to the Raspi because I couldn't set up OPNsense to get WAN access. If I am able to run the setup that the other user suggested, or the setup that we made together in the old post, I am going to take out the Raspberry.

Public IP from VPS: Does your VPN client really have a public IP on its interface assigned by WG server? Or does it simply mean, that traffic routed through VPN is originated from public WG IP (NAT)?

The second, as you said.
In the terminal of the Raspberry, if I type curl ifconfig.me it shows the public IP of the VPN server (VPS). eth0 on the Raspberry is not public; it is a private IP. Does that help you?


Quote from: chemlud on December 06, 2023, 03:22:34 PM
I use opnsense with a wifi stick as the WAN interface for traveling. Doing fine for years here... :-D

Is it the same as mine? Is your connection behind CGNAT? Can you access OPNsense from WAN?

Quote from: novel on December 06, 2023, 12:01:42 PM
Quote from: phoenix on December 06, 2023, 11:18:14 AM
FWIW, means For What It's Worth (i.e. just my opinion). :)

There's a page that describes how to install Wireguard on OPNsense here: https://docs.opnsense.org/manual/how-tos/wireguard-client.html

Follow those instructions and then set-up a wireguard client on your mobile phone or your home PC or whatever you use then connect to OPNsense and you'll have full access to the LAN and the web interface to OPNsense on your LAN IP.

It's not really that difficult to get running and yes, I have incoming traffic to my internal servers.

Thank you for reply

Are you behind CGNAT? Do you know what CGNAT is??


With the above setup, are you able to port forward from OPNsense and bypass CGNAT???


Would you like to answer? I have a problem that I am trying to solve. Please tell me!

Yes, I do know what CGNAT is and no, my ISP doesn't use that. You can't get through CGNAT (IPv4) to access your WAN interface nor should you ever 'allow' connections to your WAN interface. The only solution is to use IPv6 to access your LAN with a VPN as I mentioned earlier, obviously that assumes your ISP provides IPv6.

Who is your ISP? Would you consider moving to another ISP that doesn't use CGNAT, that would be the optimal solution. ;)
Regards


Bill
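A way to check which of the situations discussed in this thread applies (CGNAT, a private address behind an upstream NAT, or a directly assigned public address), given here as an added example that is not part of any forum post. The function names and category labels are hypothetical, and the sample addresses are constructed from documentation and reserved ranges.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges (an upstream router doing NAT, e.g. a wifi uplink)
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_addr: str, observed_public: str) -> str:
    """Classify the IPv4 path from the firewall's WAN interface to the internet.

    wan_addr        -- address configured on the WAN interface
    observed_public -- address an external service reports for outbound traffic
    """
    wan = ipaddress.ip_address(wan_addr)
    seen = ipaddress.ip_address(observed_public)
    if wan.version != 4 or seen.version != 4:
        raise ValueError("this check only covers IPv4")
    if wan in CGNAT_NET:
        return "cgnat"
    if any(wan in net for net in PRIVATE_NETS):
        return "private-upstream-nat"
    if wan == seen:
        return "public-direct"
    # Public WAN address, but outbound traffic leaves from somewhere else
    # (for example a VPN tunnel that carries the default route).
    return "public-via-other-exit"


def inbound_ipv4_possible(kind: str) -> bool:
    """Unsolicited inbound IPv4 is possible only when the WAN interface itself
    holds a public address; behind CGNAT or an upstream NAT it depends on a
    device the firewall owner does not control."""
    return kind.startswith("public")


if __name__ == "__main__":
    # Constructed sample addresses (documentation and reserved ranges only).
    samples = [
        ("100.72.10.5", "203.0.113.7"),
        ("192.168.1.50", "198.51.100.20"),
        ("203.0.113.7", "203.0.113.7"),
    ]
    for wan, seen in samples:
        kind = classify_wan(wan, seen)
        print(f"{wan:15} seen as {seen:15} -> {kind:22} inbound: {inbound_ipv4_possible(kind)}")
```
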

Quote from: phoenix on December 07, 2023, 10:37:33 AM
Yes, I do know what CGNAT is and no, my ISP doesn't use that. You can't get through CGNAT (IPv4) to access your WAN interface nor should you ever 'allow' connections to your WAN interface. The only solution is to use IPv6 to access your LAN with a VPN as I mentioned earlier, obviously that assumes your ISP provides IPv6.

Who is your ISP? Would you consider moving to another ISP that doesn't use CGNAT, that would be the optimal solution. ;)

Inaccurate.

You are wrong. I already did it.

Please search Google for "bypass CGNAT", then stop having an opinion, because you don't have knowledge of this specific issue.


Then maybe you would like to show us such Google results to give us a chance of understanding what you mean.

Using external services is nothing I would call "bypassing"... this is another way / workaround to achieve what you want... And as said:
Quote from: phoenix on December 07, 2023, 10:37:33 AM
You can't get through CGNAT (IPv4) to access your WAN interface
This is 100% true as long as your provider doesn't give you exclusive routing / NAT for one or a couple of ports.
i am not an expert... just trying to help...

December 07, 2023, 09:47:38 PM #42 Last Edit: December 07, 2023, 10:00:41 PM by novel
Quote from: tiermutter on December 07, 2023, 08:47:07 PM
Then maybe you would like to show us such Google results to give us a chance of understanding what you mean.

Using external services is nothing I would call "bypassing"... this is another way / workaround to achieve what you want... And as said:
Quote from: phoenix on December 07, 2023, 10:37:33 AM
You can't get through CGNAT (IPv4) to access your WAN interface
This is 100% true as long as your provider doesn't give you exclusive routing / NAT for one or a couple of ports.

https://github.com/mochman/Bypass_CGNAT

https://forum.mikrotik.com/viewtopic.php?t=193257

Please, I don't care to discuss CGNAT. I would like to access from WAN as you said, such as via IPv6.

Did you see my diagram? I sent you the extra information that you mentioned. How can I solve it? Can you help me pass IPv6 from the router to OPNsense?

Hi, the answer is here.

With option 8) Shell execute the command pfctl -d:

root@OPNsense:~ # pfctl -d
pf disabled


Besides the fact that you are replying to a thread that's 18 months old, the recommendation is awful.
Disabling the firewall or enabling access to all ports???