Topic: SNAT from Port-forward over VPN (Read 325 times)
sirianthe3rd (Newbie, Posts: 2, Karma: 0)
SNAT from Port-forward over VPN
« on: August 28, 2024, 12:58:49 am »
Hello all, I am looking for some help regarding a special kind of configuration that I am trying to get working. I have a server that is in another location that has a VPN tunnel to a datacenter with a static IP. So, the datacenter has an Internet connection with a static IP, and the other has an Internet connection behind CG-NAT. There is a VPN tunnel between them that works as intended. What I am trying to accomplish is to host a server behind the OPNsense box with the CG-NAT by bringing in the traffic via the site with the static IP.
To keep traffic symmetrical, I am thinking to source NAT the traffic coming in to the datacenter so that it gets correctly routed back to the firewall with the static IP, otherwise it will go out the connection with the default out of the CG-NAT interface and get stopped by that site's OPNsense box.
For instance:
Inbound:
Source of traffic 1.1.1.1 -> DST public IP 2.2.2.2 -> Port Forward / DNAT -> Real Server 10.10.10.2 -> SNAT 192.168.10.2 -> VPN tunnel -> Server 10.10.10.2
Outbound:
Source of traffic 10.10.10.2 -> DST IP 192.168.10.2 -> VPN tunnel -> Datacenter OPNsense -> Reverse SNAT 10.10.10.2 to Public IP 2.2.2.2 -> Destination 1.1.1.1
Is this possible? So far I haven't been able to get it working. Thanks!
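The packet flow described in the post above, modelled as an added example that is not part of the original post and is not OPNsense configuration. The addresses are the ones given in the post; the service port 443, the client source port 50000 and the assumption that 192.168.10.0/24 is routed through the tunnel are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

CLIENT, PUBLIC_IP = "1.1.1.1", "2.2.2.2"         # from the post
SERVER, SNAT_IP = "10.10.10.2", "192.168.10.2"   # from the post
PORT, CLIENT_PORT = 443, 50000                   # constructed sample values
TUNNEL_NETS = [ipaddress.ip_network("192.168.10.0/24")]  # assumed VPN route

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class DatacenterFW:
    """Static-IP firewall: port forward (DNAT), optional SNAT into the tunnel."""
    def __init__(self, snat):
        self.snat = snat
        self.states = {}  # reply 4-tuple seen on the tunnel -> original packet

    def inbound(self, p):
        if (p.dst, p.dport) != (PUBLIC_IP, PORT):
            return None                        # no port forward matches
        out = replace(p, dst=SERVER)           # DNAT 2.2.2.2 -> 10.10.10.2
        if self.snat:
            out = replace(out, src=SNAT_IP)    # SNAT client -> 192.168.10.2
        self.states[(out.dst, out.dport, out.src, out.sport)] = p
        return out

    def reply(self, p):
        orig = self.states.get((p.src, p.sport, p.dst, p.dport))
        if orig is None:
            return None                        # no state: reply is dropped
        return Packet(PUBLIC_IP, PORT, orig.src, orig.sport)  # undo both NATs

def remote_egress(dst):
    """Route lookup on the CG-NAT site: tunnel networks first, else default."""
    ip = ipaddress.ip_address(dst)
    return "vpn" if any(ip in n for n in TUNNEL_NETS) else "cgnat_wan"

def round_trip(snat):
    fw = DatacenterFW(snat)
    seen = fw.inbound(Packet(CLIENT, CLIENT_PORT, PUBLIC_IP, PORT))
    answer = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    path = remote_egress(answer.dst)
    # A reply leaving via the CG-NAT WAN never reaches the datacenter state table.
    return path, (fw.reply(answer) if path == "vpn" else None)
```

With SNAT enabled the server sees 192.168.10.2 as the source of every connection, so the real client address (1.1.1.1 here) is only available in the datacenter firewall's state table and logs.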
bartjsmit (Hero Member, Posts: 2017, Karma: 194)
Re: SNAT from Port-forward over VPN
« Reply #1 on: August 28, 2024, 08:06:01 am »
If traffic == http, you could consider a web proxy