OPNsense Forum

English Forums => Virtual private networks => Topic started by: mauzilla on July 31, 2023, 12:52:36 PM

Title: Accessing a VIP IP on the WAN side when connecting to openVPN
Post by: mauzilla on July 31, 2023, 12:52:36 PM
I have a number of 1:1 NATs configured between WAN and LAN, and all of the WAN IPs are VIPs (IPs routed through my primary WAN IP).

When I connect to openVPN, I can access the LAN side, but none of the WAN VIP IPs are responding either to ping - I cannot even see the traffic within the firewall, almost as if my request is getting lost between openVPN and the routes.

In my local openVPN config I have route-nopull and only route selected IPs through my VPN. In principle this works as I can still connect to the LAN using my VPN connection, but when we have services set up with an external DNS server (which points to the public IP), it's a tedious task to keep updating local openVPN configuration.

So question time:


What is the correct / recommended / "industry norm" when it comes to this kind of setup? I imagine I am not configuring my various services correctly or the way it was intended to work.

Title: Re: Accessing a VIP IP on the WAN side when connecting to openVPN
Post by: bartjsmit on July 31, 2023, 02:11:21 PM
Quote from: mauzilla on July 31, 2023, 12:52:36 PM
What is the correct / recommended / "industry norm" when it comes to this kind of setup?

Split DNS https://en.wikipedia.org/wiki/Split-horizon_DNS

Internal traffic stays internal and WAN traffic uses the VIPs and any other public IPs.

Bart...
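
The split DNS approach suggested above, as an added example that is not part of either post: it derives the internal DNS view from a 1:1 NAT table and renders it as Unbound `local-data` lines. All hostnames, addresses and the VIP range are constructed sample values, and it assumes VPN clients resolve names through the firewall's internal resolver.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the thread).
NAT_1TO1 = {  # public VIP -> LAN host behind it
    "203.0.113.10": "192.168.1.10",
    "203.0.113.11": "192.168.1.11",
}
PUBLIC_RECORDS = {  # what the external DNS server answers
    "www.example.com": "203.0.113.10",
    "mail.example.com": "203.0.113.11",
    "git.example.com": "203.0.113.12",     # VIP without a 1:1 NAT entry
    "status.example.com": "198.51.100.7",  # hosted elsewhere, not a VIP
}
VIP_NET = ipaddress.ip_network("203.0.113.0/28")  # assumed VIP range


def split_dns_overrides(public_records, nat_map, vip_net):
    """Return (overrides, unmapped) for the internal DNS view.

    overrides: hostname -> LAN IP, for names whose public record is a VIP
               that has a 1:1 NAT entry.
    unmapped:  hostnames pointing at a VIP with no NAT entry; VPN clients
               would still be sent to the WAN-side address for these.
    Names outside vip_net are left to public DNS untouched.
    """
    overrides, unmapped = {}, []
    for name, public_ip in sorted(public_records.items()):
        if ipaddress.ip_address(public_ip) not in vip_net:
            continue
        lan_ip = nat_map.get(public_ip)
        if lan_ip is None:
            unmapped.append(name)
        else:
            overrides[name] = lan_ip
    return overrides, unmapped


def to_unbound(overrides):
    """Render overrides as Unbound local-data lines (one A record each)."""
    return [f'local-data: "{name}. IN A {ip}"'
            for name, ip in sorted(overrides.items())]


if __name__ == "__main__":
    ov, missing = split_dns_overrides(PUBLIC_RECORDS, NAT_1TO1, VIP_NET)
    print("\n".join(to_unbound(ov)))
    for name in missing:
        print(f"# no 1:1 NAT entry for {name}; needs a manual override")
```

With overrides like these in place, the VPN client only needs routes to the LAN, because service names resolve to LAN addresses while connected and to the VIPs everywhere else.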