OPNsense Forum

English Forums => Virtual private networks => Topic started by: noppingen on June 11, 2021, 09:31:18 am

Title: Need a little help: VPN into Network without default gateway - NAT?
Post by: noppingen on June 11, 2021, 09:31:18 am
Hi there.

I'd need a little help or a pointer to the right direction.

Setup:

OPNsense here
LAN 192.168.40.0/22
VLAN33 192.168.110.0/24
OPNsense in VLAN33: 192.168.110.100

VLAN33 is set up for our company's production air conditioning systems: A large amount of AC compressors, valve controls, Siemens HMI/control panels etc.

The majority of these AC network devices do not have a default gateway set and we currently do not want to set one. One Windows server in that network has the GW set to 192.168.110.100, however.

A 3rd party company managing these AC devices used to VPN into that VLAN 33 using a Lancom/NCP client and an old Lancom 1711 router at our site.

That Lancom router and its DSL line are gone, I set up an IPsec tunnel that works perfectly using their Lancom/NCP client. They can reach VLAN 33 and RDP to the Windows Server.

The problem is:

They can reach the Windows server which has a default gateway set, but none of the gateway-less devices without a gateway, of course.

This is where I could need someone pointing me in the right direction.

Can I NAT the VPN client (coming from virtual IP 192.168.169.0/24) as if it came from OPNsense (192.168.110.100)?
Some kind of Proxy ARP?

I have no clue how the Lancom VPN router did this, I guess Proxy ARP.

Thanks in advance!

Title: Re: Need a little help: VPN into Network without default gateway - NAT?
Post by: bartjsmit on June 11, 2021, 01:10:15 pm
Yes, NAT :D

Either that, or put their tools on the Windows server and control the devices through the RDP sessions.

Bart...
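
Why the NAT answer works, as an added Python sketch that is not part of either forum post: a device with no default gateway only replies to on-link sources, so rewriting the VPN client's source to OPNsense's VLAN33 address makes the reply deliverable. The subnets and 192.168.110.100 come from the thread; the client, server and device addresses and all function names are constructed for illustration.

```python
import ipaddress

# Subnets and the firewall address are from the thread.
VLAN33 = ipaddress.ip_network("192.168.110.0/24")
OPNSENSE_VLAN33 = ipaddress.ip_address("192.168.110.100")
VPN_POOL = ipaddress.ip_network("192.168.169.0/24")


class Host:
    """A VLAN33 device: one interface, optionally a default gateway."""

    def __init__(self, addr, prefixlen, gateway=None):
        self.iface = ipaddress.ip_interface(f"{addr}/{prefixlen}")
        self.gateway = ipaddress.ip_address(gateway) if gateway else None

    def next_hop(self, dst):
        """Where the host sends a packet for dst; None means no route (dropped)."""
        dst = ipaddress.ip_address(dst)
        if dst in self.iface.network:
            return dst           # on-link: deliver directly via ARP
        return self.gateway      # off-link: only works with a default gateway


def snat(src, dst):
    """Model of source NAT on the VLAN33 side: VPN-pool sources headed
    into VLAN33 are rewritten to the firewall's own VLAN33 address."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in VPN_POOL and dst in VLAN33:
        return OPNSENSE_VLAN33
    return src


def reply_reaches_firewall(host, client, nat_enabled):
    """True if the host's reply to the VPN client is handed to OPNsense."""
    client = ipaddress.ip_address(client)
    seen_src = snat(client, host.iface.ip) if nat_enabled else client
    return host.next_hop(seen_src) == OPNSENSE_VLAN33


if __name__ == "__main__":
    # Constructed sample hosts and VPN client address.
    hosts = {
        "windows-server (has GW)": Host("192.168.110.10", 24, "192.168.110.100"),
        "ac-controller (no GW)": Host("192.168.110.20", 24),
    }
    for name, host in hosts.items():
        for nat in (False, True):
            ok = reply_reaches_firewall(host, "192.168.169.10", nat)
            print(f"{name:26} NAT={nat!s:5} reply returns to tunnel: {ok}")
```

With this source NAT in place, the devices see every VPN session as coming from 192.168.110.100, so per-client attribution has to come from the firewall's logs rather than from the devices.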