OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: fredbloggs on November 18, 2016, 11:00:57 am

Title: VPN when behind 3rd party router
Post by: fredbloggs on November 18, 2016, 11:00:57 am
Hi,

I have attached a picture which outlines what I'm trying to do and am wondering whether this is possible either with an L2TP/IPsec tunnel. IP addresses are not mine.

Basically, I'm unable to assign a public IP address to the WAN interface of the OPNsense firewall due to internal politics. I am, however, able to get a public IP address routed to the WAN interface of the OPNsense firewall and for the firewall to act on this information. This works fine and I'm able to access internal systems via NAT and all appears good in the world.

However, when trying to configure L2TP, the clients won't connect since the server doesn't know its publicly accessible IP and responds telling the client to connect to the IP address on its WAN interface. Is it possible to get it to respond with a specified IP address?

I'd prefer to use L2TP/IPsec as this allows more 3rd party systems to gain access, but if it requires me to use OpenVPN I may consider that as an option.

Thanks

Title: Re: VPN when behind 3rd party router
Post by: fabian on November 18, 2016, 03:46:57 pm
On IPsec you can try to force NAT-T, but if you are using NAT, OpenVPN is usually the better option as it works well with NAT and port forwards.