VPN (mental pose)

Darkopnsense · March 22, 2020, 04:03:43 PM

Hello community,

On VPNs, there is literature that I have and that I browse.

There are also reluctances to deploy dual NAT except that it neither has a choice.
Box FAI-> Box OPNsense-> LAN
Anyway this configuration is very implemented.

My question is very simple and in two points.
Did you operate:
1) OpenVPN through double NAT?
2) WireGuard through double NAT?

Regards,

PS: If so, I come up against a firewall rule problem.
My spirit takes hold.

johnsmi · March 22, 2020, 04:33:09 PM

OK, simple answer:
1) no
2) yes

--
More elaborately:
I never used nor tested OpenVPN.
I'm currently running Wireguard with doubleNAT:

Internet
|
ISP-Router with VoIP-stuff
|
OPNsense
|
LAN, Wireguard, ...

Basically https://wiki.opnsense.org/manual/how-tos/wireguard-client.html without Outbound-NAT.

Darkopnsense · March 22, 2020, 04:42:29 PM

Hi @johnsmi,

Thank you for your quick response, you are opening a path for me with "without Outbound-NAT", perhaps this is a possible resolution to my problem.

Regards,

Darkopnsense · March 23, 2020, 07:37:55 PM

Hello community,

The responses were not rushed. Given the number of posts on VPNs, people should not serve ...

Good information point although the deployment is not finalized. I ping my tunnel with WireGuard behind a double nat on APU machines of PC-Engines under OPNsense.

Cordially.

VPN (mental pose)

Darkopnsense

March 22, 2020, 04:03:43 PM

johnsmi

March 22, 2020, 04:33:09 PM #1

Darkopnsense

March 22, 2020, 04:42:29 PM #2

Darkopnsense

March 23, 2020, 07:37:55 PM #3