OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • Site-to-Site with VPN using OpnSense inside the LAN (noob question)
« previous next »
  • Print
Pages: [1]

Author Topic: Site-to-Site with VPN using OpnSense inside the LAN (noob question)  (Read 355 times)

BigKuma

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Site-to-Site with VPN using OpnSense inside the LAN (noob question)
« on: August 28, 2024, 09:26:38 pm »
I have 2 networks that I fully control:
1) Farm
- CGNAT through StarLink, no public IP (Farm not willing to pay for the $20 public IP upgrade)
- X50 outdoor TP Link router, Starlink is bypassed.  I have OpenVPN, PPTP, L2TP/IPSec etc as router built in clients
- 5+ cameras with fixed LAN IPs (no P2P)

2) Home
- Deco X60 routers.  I have Wireguard, OpenVPN, PPTP, L2TP/IPSec etc as router built in servers.
- I have a public IP and TpLink DDNS

----------
Unfortunately, I found out after building this setup, that Deco routers don't support Site-to-Site.
After connecting Farm Client to Home Server VPN, I can see Home machines.  But from Home network, I can't see Farm machines.

I need to expose the cameras to the people outside the LAN.  Not concerned about security at this point, just want it to work, and fix issue later.  It should work like this:   http://home_ddns_name.tplinkdns.com:10000 to access camera 1, http://home_ddns_name.tplinkdns.com:10001 to access camera 2, etc.
(NVR is not an option either, since cameras are hundreds of yards apart and they record to their own SD cards).

Will this work:
Home Network:
1) Fiber Modem  - X60 Router (full functionality) - LAN with a PC running OpnSense (single ethernet interface)
2) In OpnSense, run OpenVPN, setup Site to Site (add Farm's subnet to the remote net field)
3) Port forward in the X60 Router to connect Home WAN port 2222 to VPN on OpnSense machine.
4) Port forward in the X60 Router to connect Home WAN port 10,000-10,009 (individually) to OpnSense machine.
5) Inside OpnSense forwarding settings, redirect each of the ports 10,000 to 10,009 to the camera IP's at the farm.

Farm Network:
1) Connect using Deco built in OpenVPN client to my Home OpnSense through the DDNS name, port 2222.

I understand I need to add some static routing, but I want to know if this will work before starting the PC install.
Mostly, I am concerned that typically, OpnSense has 2 interfaces and goes right up against the WAN, and AP follows it.

Thanks for your help.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • Site-to-Site with VPN using OpnSense inside the LAN (noob question)
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2