Hello OPNsense users,
I'm quite new to the topic of networking and I want to get into self-hosting, so I read up on a few articles about it. As I want to expose open ports to the internet (primary static website, mail server, and VPN to access my network from outside) as well as securing the rest of the network when practicing pen testing with vulnhubs for example, I decided to buy a NUC for a dedicated firewall, and after hearing about the pfSense drama I decided to go for OPNsense.
The issue is I'm living in a houseshare with 4 other people and we share the same internet so basically I don't want a huge downtime while setting up the needed hardware and I want to provide them easy wifi access (at the moment guest wifi for their devices) so I am considering taking the double NAT route.
Considering the trouble which can come up, I have a few questions. For a visual of the current network mapping, please see the image provided below.
At the moment the network behaves like this:
(192.168.2.x)
ISP -> ComboRouter (from ISP with DHCP) -> Guest Wifi (for their devices and smartphones)
/ \
UnmanagedSwitch My laptop
/ | \
MyPC 2+Ports git/backupserver (with wake on lan)
My primary idea is to place the NUC in between the combo router and my switch and enable port forwarding for the services mentioned above. The rest of the stack (i.e. git server/cloud, whatever) I want to access after logging into the VPN (if this is achievable with this setup).
So the questions are:
- Will I be able to set up a VPN gate with double NAT? I am considering buying a domain but I am also open to the Cloudflare tunnel option.
- Am I okay with double NAT if I map the subnet from OPNsense / behind OPNsense with 192.168.0( or 1).X?
- As I don't want to spend money on another WAP for my laptop connection, I would log in from the guest wifi into the VPN to access the rest of the network (rsync/cloud, remote development grabbing compiled packages etc.). Or is there any other way around?
- Are there any other "noob traps" to watch out for installing this setup?
If you want I can provide more info about the ISP or NIC I am considering to buy (I'm not sure if this is flagged as advertisement and breaks the rules).
I'm happy to hear your considerations about this and hope I find a suitable solution with you, as I didn't find much information about double NAT and VPN access.
I say thank you in advance and happy coding!
p.s.
If the formatting of the thread is wrong please let me know, I'm not really used to posting on forums ^^