21.7 Legacy Series / Devices that do not have opnsense as the gateway cannot be reached by nat or VPN
« on: February 21, 2022, 08:31:46 pm »
I have 3 devices on my network that can't have opnsense as the gateway.
Changing the GW to opnsense is not an option
One is a webserver that has its own external IP address, and this is intentional for failover purposes in case something were to happen to opnsense.
Two others are on a dual lan where the other lan is someone else's network. We share the two devices with the other network and his opnsense is the gateway which I don't have access to.
All 3 devices cannot be accessed over the vpn nor can I nat to them even though they all have internal ip addresses and can be accessed by other devices on the network.
I have been told that the solution is outbound NAT, but all config attempts have not succeeded.
To put things in perspective here are some fake ips.
This is a limited example and we actually have about 10 devices with opnsense as the GW working great.
Internal network 10.1.1.0/24
I CAN access all devices from each other.
I CAN ping webserver1 and storage-server from opnsense by ssh or in the gui
I can't nat to webserver1 or storage-server
I can't reach webserver1 or storage-server from the vpn
I CAN reach opnsense and webserver2 by nat or vpn
opnsense: 88.88.88.60, 10.1.1.1, GW=88.88.88.57
webserver1: 88.88.88.61, 10.1.1.2, GW=88.88.88.57
webserver2: 10.1.1.3, GW=10.1.1.1
storage-server: 10.1.1.4, 10.2.2.4, GW=10.2.2.1
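The symptom in this post is asymmetric routing: OPNsense holds the firewall state for a VPN or port-forwarded flow, but webserver1 and storage-server send their replies to their own default gateway instead of back through 10.1.1.1, so the state never sees the return traffic. The following added example (not from the post or from OPNsense) models each host's route lookup with the addresses given above and shows why outbound NAT on the LAN side, which rewrites the source to OPNsense's LAN address, makes the reply path symmetric for both VPN clients and internet clients hitting a port forward. Prefix lengths, the VPN client address and the internet client address are assumptions.

```python
import ipaddress

# Hosts and gateways as given in the post (fake addresses); the prefix lengths,
# the VPN client address and the internet client address are constructed assumptions.
HOSTS = {
    "opnsense":       {"nets": ["88.88.88.60/29", "10.1.1.1/24"], "gw": "88.88.88.57"},
    "webserver1":     {"nets": ["88.88.88.61/29", "10.1.1.2/24"], "gw": "88.88.88.57"},
    "webserver2":     {"nets": ["10.1.1.3/24"],                   "gw": "10.1.1.1"},
    "storage-server": {"nets": ["10.1.1.4/24", "10.2.2.4/24"],    "gw": "10.2.2.1"},
}
OPNSENSE_LAN = "10.1.1.1"
CLIENTS = {"vpn": "10.8.0.5", "internet": "203.0.113.9"}   # constructed sample clients

def next_hop(host, dst):
    """Longest-prefix match over the host's connected networks, else its default gateway."""
    dst = ipaddress.ip_address(dst)
    best = None
    for cidr in HOSTS[host]["nets"]:
        net = ipaddress.ip_network(cidr, strict=False)
        if dst in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return "direct" if best else HOSTS[host]["gw"]

def reply_reaches_opnsense(target, client, outbound_nat):
    """OPNsense keeps the pf state for the forwarded or VPN flow, so the reply must
    come back through it. Outbound NAT on the LAN interface rewrites the source to
    10.1.1.1, so the target answers OPNsense directly instead of following its own
    default route to a gateway OPNsense never sees."""
    reply_dst = OPNSENSE_LAN if outbound_nat else client
    return reply_dst == OPNSENSE_LAN or next_hop(target, reply_dst) == OPNSENSE_LAN

def check_all(outbound_nat):
    """Map each target to whether VPN and port-forwarded traffic is answered symmetrically."""
    return {
        host: all(reply_reaches_opnsense(host, c, outbound_nat) for c in CLIENTS.values())
        for host in HOSTS if host != "opnsense"
    }

if __name__ == "__main__":
    # Without NAT only webserver2 (GW 10.1.1.1) works; with NAT all three targets do.
    for nat in (False, True):
        print("outbound NAT on LAN:", nat, check_all(nat))
```

The trade-off of this fix is that the target hosts log every VPN or forwarded connection as coming from 10.1.1.1 rather than from the real client, so keep the NAT rule's source and destination as narrow as possible (the VPN tunnel network to just these hosts) and rely on OPNsense's own logs for the original client address.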