How to?: openvpn to access LAN from outside - catch: opnsense is not gateway

Started by pppp12, April 04, 2025, 05:20:20 PM

Dear OPNsense users,

I have a network topology as on attached picture.

What I need is to VPN connect to the OPNSense (200.200.10.190) from PC_RW and then be able to access PC_1, 2 or 3.
The challenge is the LAN has a gateway 192.168.1.200 which is not the OPNSense (192.168.1.190).
I guess in addition to setting up an OpenVPN instance (I followed "OPNSense 24.7 – OpenVPN Remote Access Setup | SSL/TLS + User Authentication") one would need to add some prerouting and forwarding/masquerading - which honestly I have very little experience/knowledge of.

Has any of you got this configuration working in OPNsense (25.1)?

Thanks in advance
(Note: the WAN addresses are not my real ones, only for demonstration)

So as I understood, the VPN is already up. Then all you need is to add an outbound NAT rule (masquerading) to the LAN interface.

In the Outbound NAT settings enable the hybrid mode and save this.
Then add a rule:
interface: LAN
source: OpenVPN tunnel network
destination: LAN subnet
translation: interface address
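
Why the rule above is needed, as an added example that is not part of the original posts: a small model of the return path from a LAN host with and without the outbound NAT rule. The tunnel network 10.8.0.0/24, the client addresses and PC_1's address are assumptions (the thread does not give them), as is the premise that the gateway 192.168.1.200 has no route to the tunnel network.

```python
import ipaddress

# LAN addresses are from the thread; everything marked "assumed" is constructed.
LAN = ipaddress.ip_network("192.168.1.0/24")
LAN_GATEWAY = ipaddress.ip_address("192.168.1.200")   # default gateway of PC_1..3
OPNSENSE_LAN = ipaddress.ip_address("192.168.1.190")  # OpenVPN server, not the gateway
TUNNEL = ipaddress.ip_network("10.8.0.0/24")          # assumed OpenVPN tunnel network
PC_1 = ipaddress.ip_address("192.168.1.10")           # assumed address of PC_1
CLIENT_A = ipaddress.ip_address("10.8.0.2")           # assumed tunnel IP of PC_RW
CLIENT_B = ipaddress.ip_address("10.8.0.3")           # assumed second VPN client


def outbound_nat(src, dst, nat_enabled):
    """Outbound NAT on the LAN interface: source in the tunnel network and
    destination in the LAN subnet is translated to the interface address."""
    if nat_enabled and src in TUNNEL and dst in LAN:
        return OPNSENSE_LAN
    return src


def reply_next_hop(reply_dst):
    """Routing decision of a LAN host that has only its connected route and
    a default route via LAN_GATEWAY: on-link targets are reached directly."""
    return reply_dst if reply_dst in LAN else LAN_GATEWAY


def trace(client, pc, nat_enabled):
    """Follow one request from a VPN client to a LAN host and its reply."""
    seen_src = outbound_nat(client, pc, nat_enabled)  # source address the PC sees
    hop = reply_next_hop(seen_src)                    # where the PC sends the reply
    # The reply gets back into the tunnel only if it is handed to OPNsense;
    # the gateway is assumed to have no route to the tunnel network.
    return {"seen_src": seen_src, "reply_hop": hop,
            "reply_reaches_client": hop == OPNSENSE_LAN}


if __name__ == "__main__":
    for nat in (False, True):
        print("NAT rule enabled:", nat, trace(CLIENT_A, PC_1, nat))
    # With NAT, different VPN clients are indistinguishable on the LAN host.
    print(trace(CLIENT_A, PC_1, True)["seen_src"] ==
          trace(CLIENT_B, PC_1, True)["seen_src"])
```

With the rule in place every VPN client appears on the LAN hosts as 192.168.1.190, so per-client attribution has to come from the OPNsense side (OpenVPN and firewall logs), not from the LAN hosts' own logs.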

Dear viragomann,

Thanks a lot. Unfortunately I cannot test it till Monday. I will check it and let you know :)