Netgate Discussion Forum

IPSEC port forwarding issue

    netgate.powdered559
    last edited by netgate.powdered559 Aug 30, 2024, 1:51 PM Aug 30, 2024, 1:32 PM

    Pfsense.drawio.png

    I created a site-to-site IPsec connection with 2 pfSense instances. One is on a VPS and the other is in the lab.
    I want to expose a Kubernetes app on the internet with the VPS IP.

    The pfSense shell can curl and ping the app, but an internet user cannot. The exception is config 2: an internet user can curl the python3 server but not the Kubernetes app.

    I opened all ports on the VPS firewall for the test.

      viragomann @netgate.powdered559
      last edited by Aug 30, 2024, 2:56 PM

      @netgate-powdered559
      Version 2 should basically work.
      However, it forces all upstream traffic from the right to the VPS. So you need to add an outbound NAT / masquerading rule for the lab network on the VPS to access the internet.

      Kubernetes might block access from outside of the local subnet by its own firewall.

      If you don't want to direct the whole upstream traffic from the lab over the VPN, you can go with OpenVPN, WireGuard or IPsec VTI.

        netgate.powdered559
        last edited by Aug 30, 2024, 10:00 PM

        @viragomann said in IPSEC port forwarding issue:

        Version 2 should basically work.
        However, it forces all upstream traffic from the right to the VPS. So you need to add an outbound NAT / masquerading rule for the lab network on the VPS to access the internet.

        Thanks viragomann,

        I added the outbound NAT on the VPS from 15.0.15.0/24 to any and any to 15.0.15.0/24, and I changed the DNS resolver to Kubernetes, and I can curl 45.x.x.x.x:40820.

        I obtain the HTML page, but it is a Streamlit page and it runs JavaScript code that does not work. Do you have any idea?

          viragomann @netgate.powdered559
          last edited by Aug 31, 2024, 8:43 AM

          @netgate-powdered559
          And the page works if you access it directly from the lab and from the internet if the latter is even possible?

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.