Comment on Retain source IP when proxying through VPS
MSgtRedFox@infosec.pub 11 months ago
I don’t know what OPNsense calls this, but you want a route map in the Cisco world.
A route map overrides the routing table based on an ACL.
Your local router thinks: unless there is a more specific route, use the default out the WAN. The route map says: ACL, if source is mailu, then next hop will be the VPS over the tunnel. I did this with Cisco DMVPN between Germany and the States.
Sorry, I don’t know the OPNsense terms, but the concept is the same.
SeeJayEmm@lemmy.procrastinati.org 11 months ago
I believe policy-based routing is the same thing. I’m starting to think I’m encountering an OPNsense bug.
MSgtRedFox@infosec.pub 11 months ago
When you did your dump of the tunneled traffic, was the VPS preserving the public IPs?
I was only assuming since you mentioned seeing the traffic at each segment.
SeeJayEmm@lemmy.procrastinati.org 11 months ago
Once I got masquerading configured it was preserving the public IP. I tcpdumped every interface in the path and watched the traffic. When it hit OPNsense, instead of respecting the policy-based routing it was routing the traffic out the WAN.
What baffles me is if I initiated traffic from the mailu server (ping, wget, etc…) I could see that OPNsense was routing all traffic in that conversation out the WG interface, none of it hitting the WAN.
I need to update the post because after fighting with it all day, I realized I was being stubborn (I have a need to solve the problem). I configured a direct WG tunnel between the VPS and the mailu VM and routed the traffic that way. It’s all working exactly as I need it to now.
I’d still like to know if opn has a bug or if I was missing some setting, as I’d rather not be littering my network with tunnels when I shouldn’t need to, and I can leverage some smarts in opn (i.e. if the tunnel is down, the gateway would get marked down in opn and it would ignore the policy route).
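The route-map explanation earlier in the thread (policy rule checked first, ordinary routing table only if no rule matches) and the monitored-gateway behaviour wanted in the comment above (tunnel down, gateway marked down, policy route ignored) can both be seen in a small simulation. This is an added example, not code from the thread or from OPNsense; the addresses, interface names and the gateway name `VPS_WG` are constructed for the demo.

```python
"""Simulated policy-based routing (PBR) lookup.

Added example, not from the thread. Models a Cisco route-map / OPNsense
policy rule in front of a normal routing table, including the case where the
rule's gateway is marked down. All addresses and names are constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

IPv4Net = ipaddress.IPv4Network


@dataclass
class Route:
    prefix: IPv4Net
    interface: str          # where an ordinary table lookup sends the packet


@dataclass
class Gateway:
    name: str
    interface: str
    up: bool = True         # monitored state; a down gateway disables its policy rules


@dataclass
class PolicyRule:
    """One route-map entry: an ACL on source/destination plus a forced next hop."""
    source: IPv4Net
    destination: IPv4Net
    gateway: Gateway


def lookup_table(table: list[Route], dst: ipaddress.IPv4Address) -> str:
    """Ordinary routing table lookup: the longest matching prefix wins."""
    best = max((r for r in table if dst in r.prefix),
               key=lambda r: r.prefix.prefixlen, default=None)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best.interface


def route_packet(rules: list[PolicyRule], table: list[Route], src: str, dst: str) -> str:
    """Policy rules are consulted before the routing table.

    A matching rule whose gateway is up overrides the table. A matching rule
    whose gateway is down is skipped, so the packet falls back to the table.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.source and d in rule.destination and rule.gateway.up:
            return rule.gateway.interface
    return lookup_table(table, d)


def build_demo() -> tuple[list[PolicyRule], list[Route], Gateway]:
    """Constructed topology: a LAN with one mail host, a WAN default route,
    and a WireGuard tunnel towards a VPS."""
    vps_gw = Gateway(name="VPS_WG", interface="wg0")
    table = [
        Route(ipaddress.ip_network("0.0.0.0/0"), "wan"),         # default via WAN
        Route(ipaddress.ip_network("192.168.10.0/24"), "lan"),   # directly connected LAN
        Route(ipaddress.ip_network("10.200.0.0/24"), "wg0"),     # tunnel transit network
    ]
    rules = [
        PolicyRule(
            source=ipaddress.ip_network("192.168.10.25/32"),     # constructed mail host address
            destination=ipaddress.ip_network("0.0.0.0/0"),       # "permit ip host <mail> any"
            gateway=vps_gw,
        ),
    ]
    return rules, table, vps_gw


if __name__ == "__main__":
    rules, table, vps_gw = build_demo()
    # Mail host to the internet: the policy rule wins over the default route.
    print(route_packet(rules, table, "192.168.10.25", "203.0.113.5"))
    # Any other LAN host: no rule matches, the table's default route sends it out the WAN.
    print(route_packet(rules, table, "192.168.10.50", "203.0.113.5"))
    # Tunnel down: the gateway is marked down, the rule is ignored, traffic falls back to the WAN.
    vps_gw.up = False
    print(route_packet(rules, table, "192.168.10.25", "203.0.113.5"))
```

Note that with an "any" destination in the ACL the mail host's traffic to other LAN hosts would also be pushed into the tunnel; in practice the rule excludes directly connected networks (an ACL deny ahead of the permit, or a destination match on "not LAN").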
MSgtRedFox@infosec.pub 11 months ago
Yeah, the tunnel would annoy me unless it was open and I could scan the traffic as it went through my proxy. My OCD kicks in when stuff doesn’t do what it’s supposed to.
You could always swap out that OPNS for Cisco, NBD. /Sarcasm