Messages - schmidtzrick

#1
Hello everyone,

I have two sites behind NAT with a site-to-site VPN tunnel between two subnets:

Site A:
WAN: AAA.AAA.AAA.AAA
LAN: 192.168.100.0/24

Site B:
WAN: BBB.BBB.BBB.BBB
LAN: 192.168.200.0/24

I have set up a site-to-site VPN following the instructions here: https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html

All the appropriate traffic is routed properly: I can ping from one server to another across the two subnets fine, and I can traceroute between them to confirm it's utilizing the tunnel. However, what I would like to do is port forward the traffic for a web server from the Site A WAN IP to the Site B LAN IP. Is this possible?

Currently, I have set up a typical port forward on the Site A firewall going from the Site A WAN IP to the internal LAN IP of the web server on Site B. And I can see that traffic going through the Site B IP session. But I suspect that the traffic is being routed back out through Site B's WAN IP instead of returning the traffic to the Site A WAN IP.

A few thoughts:

  • Do I need to configure outbound NAT? Would that be on Site B's firewall? If so, how would that look?
  • Would I need to do a double port forward, on Site A and then again on the Site B firewall?
  • Do I need to use a different type of tunnel? I've tried checking and unchecking redirect gateway, which I thought would force all traffic through the tunnel, but it does not seem to work. The tunnel is split regardless of the checkbox, i.e. going to whatismyip.info from the Site B server should be getting the WAN IP of Site A under redirect, and it is not.

If anyone has any suggestions or guidance, I would appreciate your help.

Thanks
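An added illustration of the return-path problem the post suspects, written for this edit and not part of the post, of the linked how-to, or of OPNsense itself. It is a toy Python model of Site B's routing table plus the NAT steps on Site A's firewall, and it reports which interface the web server's reply leaves Site B through. The public client address, the placeholders standing in for AAA.AAA.AAA.AAA, the tunnel address, the web server address, and the route entries are all assumptions; the model ignores pf state tracking and reply-to handling, so it shows the plain routing decision only and is not a verified fix for this setup.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions, not from the post). The post only gives
# AAA.AAA.AAA.AAA / BBB.BBB.BBB.BBB and the two LAN ranges.
CLIENT_IP = "203.0.113.10"      # public client hitting the web server (TEST-NET-3)
SITE_A_WAN = "198.51.100.1"     # stands in for AAA.AAA.AAA.AAA
SITE_A_TUN = "10.8.0.1"         # assumed tunnel-side address of Site A's firewall
WEB_SERVER = "192.168.200.10"   # assumed web server inside Site B's LAN


def site_b_routes(default_via_tunnel=False):
    """Site B's routing table as (prefix, egress interface) pairs.

    The Site A LAN is reachable through the tunnel interface, as in the
    site-to-site how-to. The default route normally leaves via WAN; if a
    redirect-gateway actually took effect it would point at the tunnel.
    """
    return [
        ("192.168.200.0/24", "lan"),
        ("192.168.100.0/24", "ovpn"),
        ("10.8.0.0/24", "ovpn"),
        ("0.0.0.0/0", "ovpn" if default_via_tunnel else "wan"),
    ]


def lookup(routes, dst):
    """Longest-prefix match: return the egress interface for dst."""
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ip_network(prefix)
        if ip_address(dst) in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def site_a_nat(client_ip, snat_on_tunnel=False):
    """What Site A's firewall does to the client's packet.

    The port forward (DNAT) rewrites the destination from Site A's WAN IP to
    the web server. With snat_on_tunnel, an outbound NAT rule on the tunnel
    interface additionally rewrites the source to Site A's tunnel address.
    Returns the (src, dst) pair the web server sees.
    """
    src, dst = client_ip, SITE_A_WAN
    dst = WEB_SERVER            # port forward: Site A WAN IP -> web server
    if snat_on_tunnel:
        src = SITE_A_TUN        # outbound NAT on the OpenVPN interface (assumed rule)
    return src, dst


def reply_egress(client_ip, snat_on_tunnel=False, default_via_tunnel=False):
    """Interface the web server's reply leaves Site B through.

    The server answers whatever source address it saw; Site B's firewall then
    routes that reply by its routing table alone (no pf state, no reply-to).
    """
    src, _ = site_a_nat(client_ip, snat_on_tunnel)
    return lookup(site_b_routes(default_via_tunnel), src)


if __name__ == "__main__":
    print("plain port forward:               ", reply_egress(CLIENT_IP))
    print("port forward + SNAT on tunnel:    ", reply_egress(CLIENT_IP, snat_on_tunnel=True))
    print("port forward + default via tunnel:", reply_egress(CLIENT_IP, default_via_tunnel=True))
```

With the plain port forward the web server sees the client's public address as the source, and Site B's only matching route for it is the default route out of WAN; that is exactly the asymmetric path the post suspects. Rewriting the source to a tunnel address on Site A, or pointing Site B's default route at the tunnel, makes the reply leave through the tunnel instead in this model, but whether either is the right change for a real OPNsense deployment depends on the pf state and reply-to behaviour the model leaves out.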