Separate Client VPN Connections from Site Connections

Started by spetrillo, December 13, 2024, 06:23:19 PM

Hello all,

Both my client and site VPN connections use the same subnet. This causes an issue when I implement an outbound NAT to the Internet for the WG interface. The site VPN connection stays up but routing is all messed up. Do you separate client and site connections by subnet? I was using a /24 for all connections, so I guess I could subnet the client from the site connections, but this will also impact site connections since it's applied to the interface. How do people segregate client from site connections, so you can apply the outbound rule?

Thanks,
Steve

I use a /21 for the internal network and slice /24 subnets off that

That makes sense. Do you use 0.0.0.0/0 for AllowedIPs?


That worked well...now how about allowing local IPs? Do I add those subnets to the AllowedIPs or is it just subnets behind the VPN?
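As an added illustration (not code from the thread, OPNsense or WireGuard), a small Python model of WireGuard's cryptokey routing on a constructed addressing plan: a /21 sliced into a client /24 and a site /24, a longest-prefix lookup over each peer's AllowedIPs, an overlap check for the shared-subnet situation from the first post, and an outbound-NAT source match limited to the client /24. The same lookup shows the client-side AllowedIPs question: 0.0.0.0/0 sends every destination into the tunnel, while listing only the tunnel block and the remote LANs gives split tunnelling.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed addressing plan (assumption, not from the thread): one /21 for the
# tunnel, with the first /24 for roadwarrior clients and the second for site peers.
TUNNEL_BLOCK = ipaddress.ip_network("10.20.0.0/21")
CLIENT_NET, SITE_NET = list(TUNNEL_BLOCK.subnets(new_prefix=24))[:2]

# Server-side view of the peers. AllowedIPs is both the set of source addresses
# accepted from that peer and the set of destinations routed to it.
PEERS: Dict[str, List[str]] = {
    "laptop":      [f"{CLIENT_NET[10]}/32"],
    "branch-site": [f"{SITE_NET[2]}/32", "192.168.50.0/24"],  # tunnel IP + remote LAN
}

def route_peer(dst: str, peers: Dict[str, List[str]] = PEERS) -> Optional[str]:
    """Pick the peer whose AllowedIPs holds the longest prefix containing dst."""
    addr = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for name, allowed in peers.items():
        for cidr in allowed:
            net = ipaddress.ip_network(cidr)
            if addr in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best  # None means no peer claims it, so the packet is not tunnelled

def accepts_source(peer: str, src: str, peers: Dict[str, List[str]] = PEERS) -> bool:
    """A decrypted packet from `peer` is dropped unless src lies in its AllowedIPs."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(c) for c in peers[peer])

def overlapping_allowed_ips(peers: Dict[str, List[str]] = PEERS) -> List[Tuple[str, str, str, str]]:
    """List AllowedIPs entries that overlap between two different peers."""
    entries = [(n, ipaddress.ip_network(c)) for n, a in peers.items() for c in a]
    return [(a, b, str(na), str(nb)) for i, (a, na) in enumerate(entries)
            for b, nb in entries[i + 1:] if a != b and na.overlaps(nb)]

def nat_applies(src: str, nat_source: ipaddress.IPv4Network = CLIENT_NET) -> bool:
    """Outbound NAT to the Internet matches only client tunnel addresses, not site traffic."""
    return ipaddress.ip_address(src) in nat_source
```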