Text only | Text with Images

OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: akron on January 31, 2018, 02:29:47 PM

Title: NAT to Remote Network via OpenVPN Tunnel
Post by: akron on January 31, 2018, 02:29:47 PM
Hi Guys,

I'm hoping the fantastic OPNsense community can shed some light on this.

Been trying many different things for a couple of weeks none of them working.

I have 2 OPNsense firewalls installed, one on Site A and one on Site B

Site A has Public IP and LAN IP - I can control the Public IP and the Natting to Site A LAN fine.

Site B has LAN IP Only - I don't control the Public IP, hence I have a OpenVPN tunnel back to Site A

Site A: LAN 192.168.1.0/24 WAN 271.xxx.xxx.xxx OpenVPN Tunnel Network 10.6.8.0/24

Site B: LAN 192.168.2.0/24 no WAN OpenVPN Tunnel Network 10.6.8.0/24

I can access the site A LAN network from site B fine and vice-versa, no problems on that.

My goal is to be able to NAT something from Site A Public IP to the LAN seating on the other side of the tunnel on site B.

I have tried:

Stretched LAN from site A to site B via Bridging Site A LAN + OpenVPN, didn't work at all, no traffic passing either way Site A or Site B, I also did the bridge on Site B LAN + OpenVPN with no results

Specific traffic Rules on Site A to Site B and Outbound from Site B LAN configured to go via OpenVPN tunnel. Didn't work also.

Is there a easy/proper way to achieve this ?

Thank you
Title: Re: NAT to Remote Network via OpenVPN Tunnel
Post by: finish06 on March 30, 2018, 03:32:54 PM
I am having the same issue.  I have set up a VPN server in OPNsense, established a VPN client connection and cannot route traffic from LAN to VPN client LAN.  Did you ever get this to work?
Title: Re: NAT to Remote Network via OpenVPN Tunnel
Post by: Alphakilo on March 30, 2018, 03:47:22 PM
Quote from: akron on January 31, 2018, 02:29:47 PM
Is there a easy/proper way to achieve this ?

The better way of doing this would be IPsec IMHO:
https://wiki.opnsense.org/manual/how-tos/ipsec-s2s.html
Title: Re: NAT to Remote Network via OpenVPN Tunnel
Post by: akron on June 26, 2018, 12:47:16 AM
Quote from: Alphakilo on March 30, 2018, 03:47:22 PM
Quote from: akron on January 31, 2018, 02:29:47 PM
Is there a easy/proper way to achieve this ?

The better way of doing this would be IPsec IMHO:
https://wiki.opnsense.org/manual/how-tos/ipsec-s2s.html

I never got OpenVPN NAT to remote site working in a clean way, with dirty configs I can pass some traffic but defeats the pupose of easy and clean way.

Could you explain why we can achieve this with IPsec  and not OpenVPN?

Thank you 
Title: Re: NAT to Remote Network via OpenVPN Tunnel
Post by: finish06 on July 11, 2018, 06:32:26 PM
I was able to get this to work by setting up Client Specific Overrides.  I defined Tunnel network, Local network and Remote network.  I also had to allow all traffic on OpenVPN firewall.
Text only | Text with Images