Comment on Retain source IP when proxying through VPS
SeeJayEmm@lemmy.procrastinati.org 11 months ago
I believe the policy based routing is the same thing. I’m starting to think I’m encountering an opnsense bug.
MSgtRedFox@infosec.pub 11 months ago
When you did your dump of the tunneled traffic, was the VPS preserving the public IPs?
I was only assuming since you mentioned seeing the traffic at each segment.
SeeJayEmm@lemmy.procrastinati.org 11 months ago
Once I got masquerading configured it was preserving the public IP. I tcpdumped every interface in the path and watched the traffic. When it hit opnsense instead of respecting the policy based routing it was routing the traffic out the WAN.
What baffles me is if I initiated traffic from the mailu server (ping, wget, etc…) I could see that opnsense was routing all traffic in that conversation out the WG interface, none of it hitting the WAN.
I need to update the post because after fighting with it all day, I realized I was being stubborn (I have a need to solve the problem). I configured a direct WG tunnel between the VPS and the mailu VM and routed the traffic that way. It’s all working exactly as I need it to now.
I’d still like to know if opn has a bug or if I was missing some setting as I’d rather not be littering my network with tunnels when I shouldn’t need to and I can leverage some smarts in opn (i.e. if the tunnel is down, the gateway would get marked down in opn and it would ignore the policy route).
MSgtRedFox@infosec.pub 11 months ago
Yeah, the tunnel would annoy me unless it was open and I could scan the traffic as it went through my proxy. My OCD kicks in when stuff doesn’t do what it’s supposed to.
You could always swap out that OPNS for Cisco, NBD. /Sarcasm