Expose services at SiteB to WWW via SiteA using VPN tunnel (already built)

[jeffmcfarlin]

Ok guys, I got an interesting one that I can't seem to figure out. I'm new to OpnSense, but not networking etc. I just replaced my main home FW with OpnSense, and I should've done this years ago tbh. I've tried all sorts of stuff and I just can't seem to get this to work. I'm thinking there must be a way.

To wit:

SiteA is home (static FiOS)
SiteB is remote (behind Starlink [CGNat])

Both sites have a single /24 and a single OpnSense FW as the main FW.

192.168.100.2/24 (SiteA)
192.168.0.1/24 (SiteB)

I've built my OpenVPN tunnel (SiteA server, SiteB client) and all is working perfectly. I simply would like to expose services at SiteB to the www via SiteA. There's other services (mostly paid) that can do this, but I don't want to go that route. I'd prefer to do this via OpnSense and the VPN tunnel. This was working before when SiteB was Exede/Viasat which provides a real IP, but now, well - Starlink. You understand.

Anyways - thoughts?

Jeff

[bartjsmit]

Reverse proxy at site A looks the most logical

[jeffmcfarlin]

Great idea - that worked for 6 of the 7 services/devices I needed to expose. The final one is an Elk Products M1 Gold security panel ethernet card/add-on (static IP, proprietary encrypted protocol). Still messing around with it.

Thanks!

Jeff

[jeffmcfarlin]

Went with a single free ngrok tunnel for that last service to expose it on the Starlink side. Yay!

Now to get the IDS/IPS stuff configured.

Jeff

[bartjsmit]

Good to hear you got it fixed and thanks for reporting back  :)