I have a number of 1:1 NAT's configured between WAN and LAN, and all of the WAN IP's are VIP's (IP's routed through my primary WAN IP).
When I connect to openVPN, I can access the LAN side, but none of the WAN VIP IP's are responding either to ping - I cannot even see the traffic within the firewall, almost as if my request is getting lost between openVPN and the routes.
In my local openVPN confige I have route-nopull and only route selected IP's through my VPN. In principle this works as I can still connect to the LAN using my VPN connection, but when we have services setup with an external DNS server (which points to the public IP), it's a tedeous task to keep updating local openVPN configuration.
So question time:
- Has anyone setup something similar where they're able to connect to the openVPN server and still have access to the WAN virtual IPs?
- My next option seems to be running a DNS server in opnsense so that connected VPN clients can hopefully get the record from the internal DNS VS external one. I am however only getting this to work if I change my network settings on my laptop and change my WIFI / lan DNS to point to the WAN IP of the gateway. If I don't, my network interface disregards the internal DNS and still points to the external DNS servers (like 8.8.8.8)
What is the correct / recommended / "industry norm" when it comes to this kind of setup? I imagine I am not configuring my various services correctly or the way it was intended on working.
Quote from: mauzilla on July 31, 2023, 12:52:36 PM
What is the correct / recommended / "industry norm" when it comes to this kind of setup?
Split DNS https://en.wikipedia.org/wiki/Split-horizon_DNS
Internal traffic stays internal and WAN traffic uses the VIP's and any other public IP's.
Bart...