IPSEC port forwarding issue

netgate.powdered559 · Aug 30, 2024, 1:51 PM

I create a site to site ipsec connexion with 2 pfsense. One on VPS and the other on Lab.
I want to expose Kubernetes App on internet with VPS ip.

The shell of Pfsense can curl and ping the app but an internet user not. The exeption is config 2 internet user can curl python3 server but not kubernetes app.

I open all port on VPS Firewall for the test.

viragomann · Aug 30, 2024, 2:56 PM

@netgate-powdered559
Version 2 should basically work.
However, it forces all upstream traffic from the right to the VPS. So you need to add an outbound NAT / masquerading rule the lab network on the VPS to access the internet.

The Kubernetes might block access from outside of the local subnet by its own firewall.

If you don't want to direct the whole upstream traffic from the lab over the VPN you can go with OpenVPN, Wireguard or IPSec VTI.

netgate.powdered559 · Aug 31, 2024, 8:43 AM

@viragomann said in IPSEC port forwarding issue:

Version 2 should basically work.
However, it forces all upstream traffic from the right to the VPS. So you need to add an outbound NAT / masquerading rule the lab network on the VPS to access the internet.

Thanks viragomann,

I add the outbound NAT on VPS from 15.0.15.0/24 to any and any to 15.0.15.0/24 and I change the DNS resolver to kubernetes and I can curl the 45.x.x.x.x:40820.

I obtains the html page but it is a Streamlit page and it run a javascript code that does not work. Do you have any idea ?

viragomann · Aug 31, 2024, 8:43 AM

@netgate-powdered559
And the page works if you access it directly from the lab and from the internet if the latter is even possible?