Subnets for WireGuard and OpenVPN
-
Hi!
WireGuard and OpenVPN servers need a subnet. To fully and transparently access the LAN subnet, shall I give them sub-subnets of the LAN or is it ok to give them a completely different subnet? (Is access some sort of translated/NATed?) Some services like Samba are restricted to LAN clients and SSH asks for 2FA if coming from elsewhere, some services may only be accessed from LAN subnet.
Thanks!
-demux -
@demux said in Subnets for WireGuard and OpenVPN:

> WireGuard and OpenVPN servers need a subnet. To fully and transparently access the LAN subnet, shall I give them sub-subnets of the LAN

This would be a bad idea. You cannot use the same subnet twice or overlapping partially.

> or is it ok to give them a completely different subnet?

Yes. Use any unused private network range, as small as necessary.

> (Is access some sort of translated/NATed?)

No, but you can configure NAT if desired.

> Some services like Samba are restricted to LAN clients and SSH asks for 2FA if coming from elsewhere, some services may only be accessed from LAN subnet.

So configure the services' security settings accordingly so that they accept connections from outside, or even do NAT, which just circumvents security restrictions.
-
So, in the past we did everything right.
Thank you.
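The advice in the reply above (no overlap with existing subnets, an unused private range, as small as necessary) can be checked mechanically. This is an added example, not part of the thread; the function names, the sample addresses and the choice to reserve three extra addresses (network, broadcast, VPN server) are assumptions.

```python
import ipaddress

# RFC 1918 private ranges to search for an unused block.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def conflicts(candidate, in_use):
    """Return the in-use networks that overlap the candidate VPN subnet."""
    cand = ipaddress.ip_network(candidate)
    return [str(n) for n in map(ipaddress.ip_network, in_use)
            if cand.overlaps(n)]


def smallest_free_subnet(in_use, peers, pools=RFC1918):
    """Pick the first non-overlapping private subnet just big enough for `peers`.

    Assumption: three addresses are reserved on top of the peers
    (network, broadcast, and the VPN server's own tunnel address).
    """
    used = [ipaddress.ip_network(n) for n in in_use]
    needed = peers + 3
    # Smallest power-of-two block that holds `needed` addresses, capped at /30.
    prefix = min(32 - (needed - 1).bit_length(), 30)
    for pool in pools:
        if prefix < pool.prefixlen:
            continue  # requested block is larger than this pool
        for cand in pool.subnets(new_prefix=prefix):
            if not any(cand.overlaps(u) for u in used):
                return cand
    raise ValueError("no free private subnet of the required size")


if __name__ == "__main__":
    # Constructed sample: a LAN and one other network already routed.
    in_use = ["192.168.1.0/24", "10.0.0.0/24"]

    # A "sub-subnet of the LAN" overlaps the LAN and is rejected.
    print("sub-subnet conflicts:", conflicts("192.168.1.128/25", in_use))

    # A separate range sized for 10 VPN peers.
    vpn = smallest_free_subnet(in_use, peers=10)
    print("VPN subnet:", vpn, "conflicts:", conflicts(str(vpn), in_use))
```

The subnet it returns is the source range that LAN-restricted services would see for VPN clients when no NAT is configured.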