OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: cake on December 27, 2018, 07:28:11 am

Title: [SOLVED] openvpn client-to-client tutorial/help needed
Post by: cake on December 27, 2018, 07:28:11 am
I have my ISP giving me carrier grade NAT. This broke my OpenVPN server running on my OPNsense box.

So I changed the OPNsense from server to client and connect to an OpenVPN server with a static IP somewhere else.
I want to have my OPNsense LAN subnet connect as a client to an OpenVPN server that is running, let's say, in a VPS in some data center. I have client-to-client enabled in the server.conf in the VPS. The connection from the VPS to my OPNsense client is already established. I just need help or a suggestion, as when another client connects to the OpenVPN server I cannot ping any devices on my LAN.
Title: Re: openvpn client-to-client tutorial/help needed
Post by: bartjsmit on December 27, 2018, 10:30:30 am
Since your local OPNsense is a router, you need to ensure that the other client knows the route to your LAN.

Although probably easier with a site-to-site OpenVPN connection, you can make the OpenVPN server aware through a --client-config-dir directive which points to an --iroute option, and have the server push out this information with a --push route directive. You will find more than you bargained for here: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

If you control both servers and the clients, you can also set the routes statically or by normal DHCP.

Bart...
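
The directives named in the reply above, laid out as an added configuration sketch (not part of the original post and not the poster's actual files). The LAN subnet 192.168.1.0/24, the client certificate Common Name `opnsense-home` and the file paths are assumptions chosen for illustration.

```conf
# --- VPS: /etc/openvpn/server.conf (relevant lines only; path assumed) ---
client-to-client
# Directory of per-client files; OpenVPN reads the file whose name equals
# the connecting client's certificate Common Name.
client-config-dir /etc/openvpn/ccd
# Kernel route on the VPS itself: hand packets for the home LAN to OpenVPN.
# 192.168.1.0/24 is an assumed LAN subnet.
route 192.168.1.0 255.255.255.0
# Sent to connecting clients so they route the home LAN through the tunnel.
push "route 192.168.1.0 255.255.255.0"

# --- VPS: /etc/openvpn/ccd/opnsense-home (file name = assumed client CN) ---
# Internal route: tells OpenVPN which connected client the LAN sits behind.
iroute 192.168.1.0 255.255.255.0
```

With `client-to-client` enabled, traffic between VPN clients is forwarded inside the OpenVPN process and never passes through the VPS's packet filter. Which VPN addresses may reach LAN hosts therefore has to be limited by firewall rules on the OPNsense side of the tunnel.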
Title: Re: [SOLVED] openvpn client-to-client tutorial/help needed
Post by: cake on January 03, 2019, 10:14:03 am
Thanks Bart,
I struggled through it, got it done today.
Works grrreat! I used the tutorial https://backreference.org/2009/11/15/openvpn-and-iroute/, printed it out, studied it, scribbled on it and then deployed it.
It sorta makes sense to me and does indeed enable me to access my network from remote, even when my home network is behind carrier grade NAT.

Also thank OPNsense devs for still including the scramble patch. :-)