Virtual private networks / Noob VPN routing question
« on: May 20, 2024, 05:15:29 pm »
I have a working OPNsense router / VPN setup - bear with me on the following
WAN has a known external IPv4 address - call it WAN1
Users on LAN1 have unfettered access to internet via WAN1
There is a webserver on the DMZ lan connection
There is an existing OpenVPN client running on router that connects to an external VPN server in Europe
- it does not do a gateway redirect as we only want LAN2 using the VPN
There is policy based routing on LAN2 that pushes all traffic out the VPN
- this is working as checking my IP address on a PC on LAN2 shows the European IP address
Users accessing the webserver from the internet are routed to the DMZ host using port forwarding
However - if a user on a PC on LAN2 enters the URL for the webserver in a browser, the URL resolves to the external IP address of WAN1, but instead of ending up on the webserver, they end up on the Admin GUI for OPNsense
What I expected (perhaps incorrectly) was that the users on LAN2 would access the webserver
If a user on LAN2 does a traceroute to the external IP of WAN1, it doesn't go "out" the VPN, what is satisfied in one hop
thx for any suggestions - or is this not possible?
thx
rick