CPE VPN device behind OPNSense

Started by tcb, December 13, 2024, 11:27:33 AM

Hi,

I need to add a CPE device for an SD-WAN solution behind our OPNSense. Certain networks of remote branches need to be routed through this device. It should have just limited access to the internet and be isolated from other devices. It's connected to two individual ports on OPNSense.

My approach would be to create 2 independent networks on these two NICs: 192.168.100.1/24 and 192.168.101.1/24. The CPE would have 192.168.100.2/24 on WAN and 192.168.101.2/24 on LAN. I would then set firewall rules to allow traffic. I need to set routes to reach remote networks through the CPE.

Does this make sense? Is there any simple way of doing it? What would your approach be? What should I take care of in terms of config and security best practice?

Thanks for all comments and recommendations!

Regards