NAT to Remote Network via OpenVPN Tunnel

Started by akron, January 31, 2018, 02:29:47 PM

Hi Guys,

I'm hoping the fantastic OPNsense community can shed some light on this.

Been trying many different things for a couple of weeks, none of them working.

I have 2 OPNsense firewalls installed, one on Site A and one on Site B

Site A has Public IP and LAN IP - I can control the Public IP and the Natting to Site A LAN fine.

Site B has LAN IP Only - I don't control the Public IP, hence I have an OpenVPN tunnel back to Site A

Site A: LAN 192.168.1.0/24 WAN 271.xxx.xxx.xxx OpenVPN Tunnel Network 10.6.8.0/24

Site B: LAN 192.168.2.0/24 no WAN OpenVPN Tunnel Network 10.6.8.0/24

I can access the site A LAN network from site B fine and vice-versa, no problems on that.

My goal is to be able to NAT something from Site A Public IP to the LAN sitting on the other side of the tunnel on site B.

I have tried:

Stretched LAN from site A to site B via bridging Site A LAN + OpenVPN: didn't work at all, no traffic passing either way, Site A or Site B. I also did the bridge on Site B LAN + OpenVPN with no results.

Specific traffic Rules on Site A to Site B and Outbound from Site B LAN configured to go via OpenVPN tunnel. Didn't work also.

Is there an easy/proper way to achieve this?

Thank you

I am having the same issue. I have set up a VPN server in OPNsense, established a VPN client connection and cannot route traffic from LAN to VPN client LAN. Did you ever get this to work?


Quote from: Alphakilo on March 30, 2018, 03:47:22 PM
Quote from: akron on January 31, 2018, 02:29:47 PM
Is there an easy/proper way to achieve this?

The better way of doing this would be IPsec IMHO:
https://wiki.opnsense.org/manual/how-tos/ipsec-s2s.html

I never got OpenVPN NAT to remote site working in a clean way; with dirty configs I can pass some traffic, but it defeats the purpose of an easy and clean way.

Could you explain why we can achieve this with IPsec and not OpenVPN?

Thank you 

I was able to get this to work by setting up Client Specific Overrides. I defined Tunnel network, Local network and Remote network. I also had to allow all traffic on OpenVPN firewall.
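
An added example, not part of the posts above and not OPNsense's own code: a small check for the situation the last post fixes, written against plain OpenVPN directives. It assumes the override's Remote network field corresponds to OpenVPN's `iroute` directive; the config text, the `ccd` directory name and the client name `siteB` are constructed samples using the thread's addressing.

```python
import ipaddress

# Constructed sample server config using the thread's subnets (not from a real firewall).
SERVER_CONF = """\
dev tun
topology subnet
server 10.6.8.0 255.255.255.0
client-config-dir ccd
push "route 192.168.1.0 255.255.255.0"   # Site A LAN, sent to the client
route 192.168.2.0 255.255.255.0          # Site B LAN, kernel route into the tunnel
"""
# Per-client override files keyed by certificate common name (hypothetical name).
CCD_WITH_OVERRIDE = {"siteB": "iroute 192.168.2.0 255.255.255.0\n"}
CCD_EMPTY = {}

def _nets(text, directive):
    """Return the networks named by `<directive> <addr> <mask>` lines."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == directive:
            found.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return found

def unowned_routes(server_conf, ccd):
    """Server-side `route` subnets that no client file claims with `iroute`.

    The kernel route delivers such traffic to the tunnel device, but a
    multi-client OpenVPN server has no client to hand it to and drops it.
    """
    owned = [n for body in ccd.values() for n in _nets(body, "iroute")]
    return [net for net in _nets(server_conf, "route")
            if not any(net.subnet_of(o) for o in owned)]

def owner_of(dest, ccd):
    """Client whose most specific iroute covers dest, or None if nobody owns it."""
    addr = ipaddress.ip_address(dest)
    best = None
    for name, body in ccd.items():
        for n in _nets(body, "iroute"):
            if addr in n and (best is None or n.prefixlen > best[1].prefixlen):
                best = (name, n)
    return best[0] if best else None

if __name__ == "__main__":
    print("without override:", unowned_routes(SERVER_CONF, CCD_EMPTY))
    print("with override:   ", unowned_routes(SERVER_CONF, CCD_WITH_OVERRIDE))
    print("192.168.2.10 ->", owner_of("192.168.2.10", CCD_WITH_OVERRIDE))
```
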