OPNsense Forum

English Forums => Virtual private networks => Topic started by: spetrillo on December 13, 2024, 06:23:19 PM

Title: Separate Client VPN Connections from Site Connections
Post by: spetrillo on December 13, 2024, 06:23:19 PM
Hello all,

Both my client and site VPN connections use the same subnet. This causes an issue when I implement an outbound NAT to the Internet, for the WG interface. The site VPN connection stays up but routing is all messed up. Do you separate client and site connections by subnet? I was using a /24 for all connections, so I guess I could subnet the client from the site connections, but this will also impact site connections since it's applied to the interface. How do people segregate client from site connections, so you can apply the outbound rule?

Thanks,
Steve
Title: Re: Separate Client VPN Connections from Site Connections
Post by: bartjsmit on December 13, 2024, 06:57:03 PM
I use a /21 for the internal network and slice /24 subnets off that.
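
The slicing described in this reply, as an added example that is not part of the thread: it carves a /21 into /24 slices, gives client and site tunnels separate slices, and shows which peers a rule scoped to the client slice (such as the outbound NAT rule from the first post) would match. The supernet, role names and peer addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions; the thread gives no addresses).
SUPERNET = ipaddress.ip_network("10.20.0.0/21")
ROLES = ["lan", "clients", "sites"]
PEERS = {  # peer name -> (intended role, WireGuard tunnel address)
    "laptop": ("clients", "10.20.1.5"),
    "branch-office": ("sites", "10.20.2.1"),
    "phone": ("clients", "10.20.2.9"),  # deliberately placed in the wrong slice
}

def slice_supernet(supernet, roles, new_prefix=24):
    """Give each role its own /new_prefix slice of the supernet, in order."""
    slices = list(supernet.subnets(new_prefix=new_prefix))
    if len(roles) > len(slices):
        raise ValueError(f"{supernet} only holds {len(slices)} /{new_prefix} slices")
    return dict(zip(roles, slices))

def matched_by_source(plan, role, peers):
    """Peers a rule with source = plan[role] would match (e.g. outbound NAT)."""
    net = plan[role]
    return sorted(name for name, (_, addr) in peers.items()
                  if ipaddress.ip_address(addr) in net)

def misplaced(plan, peers):
    """Peers whose tunnel address lies outside the slice of their intended role."""
    return sorted(name for name, (role, addr) in peers.items()
                  if ipaddress.ip_address(addr) not in plan[role])

PLAN = slice_supernet(SUPERNET, ROLES)

if __name__ == "__main__":
    for role, net in PLAN.items():
        print(f"{role:8} {net}")
    print("client-scoped rule matches:", matched_by_source(PLAN, "clients", PEERS))
    print("in the wrong slice:", misplaced(PLAN, PEERS))
```
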
Title: Re: Separate Client VPN Connections from Site Connections
Post by: spetrillo on December 13, 2024, 07:07:29 PM
That makes sense. Do you use 0.0.0.0/0 for AllowedIPs?
Title: Re: Separate Client VPN Connections from Site Connections
Post by: bartjsmit on December 13, 2024, 08:28:54 PM
Yes, it makes testing from the LAN easier.
Title: Re: Separate Client VPN Connections from Site Connections
Post by: spetrillo on December 16, 2024, 03:41:38 PM
That worked well...now how about allowing local IPs? Do I add those subnets to the AllowedIPs or is it just subnets behind the VPN?