Question regarding: Setup SSL VPN Road Warrior: IP Masquerade

Started by OXYD, January 11, 2022, 09:39:59 PM

Hi,

I successfully followed the "how-to Setup SSL VPN Road Warrior".

But it doesn't seem adapted to my company's network.

We have a Cisco ASA.
It handles all our subnets + NAT WAN/LAN.

The problem: when I am connected to the VPN (OPNsense),
I need to manually add a dedicated route on each server.
Otherwise the ICMP response ends up on the Cisco ASA.
ip route add 10.10.0.0/24 via IP_LAN_OPNSENSE dev ens224

Is there a way to modify the configuration so that each client is not given an IP on 10.10.0.0/24 (OpenVPN),
but instead the clients are NATed to a unique IP (OPNsense LAN)?

This way, when it comes back, it will arrive directly on the OPNsense LAN.

I tried to search on Google for masquerade but could not find any lead.

Thanks for your help.

I tried to configure a NAT rule from openvpn_net to a virtual IP on my LAN without success ^^

Is it possible to NAT all VPN clients to one LAN address?

I created a virtual IP (for example 192.168.10.5).
The OpenVPN server uses the range 10.10.0.0/24.

Is there a way to make all the VPN clients use 192.168.10.5 to connect to our servers?