Virtual private networks / Opnsense Site-to-Site openVPN Port Forwarding for Web Server
« on: October 05, 2022, 04:32:26 pm »
Hello everyone,
I have two sites behind NAT with a site-to-site VPN tunnel between two subnets:
Site A:
WAN: AAA.AAA.AAA.AAA
LAN: 192.168.100.0/24
Site B:
WAN: BBB.BBB.BBB.BBB
LAN: 192.168.200.0/24
I have set up a site-to-site VPN following the instructions here: https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html
All the appropriate traffic is routed properly, I can ping from one server to another across the two subnets fine and I can traceroute between them to confirm it's utilizing the tunnel. However, what I would like to do is port forward the traffic for a web server from Site A WAN IP to Site B LAN IP. Is this possible?
Currently, I set up a typical port forward on Site A firewall going from Site A WAN IP to the internal LAN IP of the web server on Site B. And I can see that traffic going through Site B's IP session. But I suspect that the traffic is being routed back out through Site B's WAN IP instead of returning the traffic to Site A WAN IP.
A few thoughts:
- Do I need to configure outbound NAT? Would that be on Site B's firewall? If so, how would that look?
- Would I need to do a double port forward for Site A then again on Site B firewall?
- Do I need to use a different type of tunnel? I've tried checking and unchecking redirect gateway, which I thought would force all traffic through the tunnel, but it does not seem to work. The tunnel is split regardless of the checkbox, i.e. going to whatismyip.info from the Site B server should be getting the WAN IP of Site A under redirect and it is not.
If anyone would have any suggestions or guidance I would appreciate your help.
Thanks
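As an added illustration (not part of the post or of OPNsense's code) of the return-path problem the post suspects: a small longest-prefix-match route lookup using the post's subnets shows that the web server's reply to an Internet client follows Site B's default route out Site B's WAN, unless the source address the server sees is one reachable via the tunnel, which is what the outbound NAT the post asks about would achieve. The interface names, the tunnel route entry and the client address 203.0.113.10 are constructed assumptions.

```python
import ipaddress

# Constructed model of Site B's routing table, built from the subnets in the
# post. Interface names ("wan", "lan", "ovpn") are assumptions; the route to
# 192.168.100.0/24 via the tunnel is what the site-to-site how-to installs.
SITE_B_ROUTES = [
    ("0.0.0.0/0", "wan"),            # default route: out Site B's own WAN
    ("192.168.200.0/24", "lan"),     # Site B LAN
    ("192.168.100.0/24", "ovpn"),    # Site A LAN reached through the tunnel
]


def lookup(routes, dst):
    """Longest-prefix match: the egress interface any router picks for dst."""
    addr = ipaddress.ip_address(dst)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def reply_egress(client_src, site_a_snat=None):
    """Interface Site B uses to send the web server's reply.

    client_src:  public address of the Internet client that hit Site A's WAN
                 port forward (destination NAT only rewrites the destination,
                 so the server still sees this as the packet's source).
    site_a_snat: if Site A additionally rewrites the source to an address
                 reachable over the tunnel (outbound NAT on Site A's tunnel
                 interface), the server sees that address instead.
    """
    src_seen_by_server = site_a_snat or client_src
    return lookup(SITE_B_ROUTES, src_seen_by_server)


if __name__ == "__main__":
    # Reply to the real client address leaves via Site B's WAN: asymmetric,
    # so it never matches the NAT state Site A created for the forward.
    print(reply_egress("203.0.113.10"))                               # wan
    # With the source translated to a Site A LAN address, the reply is
    # routed back into the tunnel and returns through Site A.
    print(reply_egress("203.0.113.10", site_a_snat="192.168.100.1"))  # ovpn
```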