ClickyMcTicker

joined 1 year ago
[–] [email protected] 0 points 5 months ago (1 children)

@bluetrain
> The strongest example I’ve uncovered of this is, from my WAN (or LAN) directly accessing my WAN IP.

What have you been testing from? Laptop pointed to LAN IP, laptop pointed to WAN IP, and cellphone with WiFi disabled pointed to WAN IP?

[–] [email protected] 0 points 5 months ago (3 children)

@bluetrain
> This doesn’t seem to be an issue and comports with everyone’s guides online for configured IP passthrough mode on the BGW320-505 and, in fact, Opnsense does show my WAN IP address as my actual address (something it did not before!).

This corroborates my assessment. You were previously in a double NAT situation. You saw your WAN IP on your gateway because your WAN IP was your gateway, not your interface IP. You now see the ISP’s head end IP as the gateway due to IP passthru.

[–] [email protected] 0 points 5 months ago (5 children)

@bluetrain

> I have had this configured to IP passthrough mode without issue for years. But, after the Opnsense upgrade (and defaults), I did notice that my gateways were configured differently. Previously, my upstream WAN gateway was the IP address of the BGW320-505 box. Now, my upstream WAN gateway is my WAN IP address with a .1 substituted for the final digit.

This is critical info. You have been configured for IP Passthrough for exactly however long ago you updated.

[–] [email protected] -1 points 6 months ago (1 children)

@mfat Depending on how they’re blocking VPNs (i.e. blocking specific ports, or allowing specific ports), you may be able to run one on a non-standard port. As an extreme example, you could run WireGuard on port 80 (HTTP), which is practically the last possible port that can ever be blocked on the public internet.

[–] [email protected] 0 points 11 months ago (2 children)

@Pete90 @MangoPenguin Bytes (B) are used for storage, bits (b) are used for network. 1B=8b.
2.5Gbps equals 312.5MBps.
With that in mind, there are a lot of moving parts to diagnose, assuming you want to reach that speed for a transfer. Can the storage of both machines reach that speed? I believe I saw the NAS’s disk tested and clocked at 470ish MBps, but can the client side keep up? I saw the iPerf test, but what was the exact command used? Did you multithread it?

[–] [email protected] 3 points 11 months ago (2 children)

@papelitofeliz
3. Set up your PiHole on a static private IP.

4. Ensure both sites can route across the tunnel. Based on your experience level and scope, dynamic routing is not recommended or necessary, which means static routes. Point a route for each side’s subnet to the WireGuard tunnel IPs so your firewalls know how to reach and respond to each other across the tunnel.

5. Configure your devices to use PiHole for their DNS, via DHCP ideally.

[–] [email protected] 3 points 11 months ago (3 children)

@papelitofeliz
VPN for sure:

  1. Set up both locations with Dynamic DNS providers. DuckDNS is free, but if you’re building infrastructure you may as well buy your own domain and set it up through that (Namecheap is what I use and recommend).

  2. Set up a WireGuard tunnel between both locations. Do *not* specify an endpoint for either. You could specify endpoints to boost security (barely), but it will cause your system to fail during IP changes, for the duration of the TTL.