OpenVPN only and IP address WAN-LAN
-
Hi,
At the customer, it's like this:

INTERNET
customer router
|
PF SENSE (Netgate 1100, we're looking into installing it, but it's not currently installed.)
| |
--------------------
| |
Workstations
The only thing we're interested in is setting up an OPENVPN network with external clients, and using this VPN connection to access the LAN of the customer.
If the customer keeps his router, what are the network architecture options?
Can we use only the WAN or the LAN of Netgate 1100?
I know that the WAN can't be in the same domain as the LAN, and if we absolutely have to use both the WAN and the LAN, does that mean we have to change all the IPs on the customer's workstations?
Thank you,
Remi
-
@rnolin said in OpenVPN only and IP address WAN-LAN:
> If the customer keeps his router, what are the network architecture options?
> Can we use only the WAN or the LAN of Netgate 1100?

If you insert pfSense as shown in the diagram you need both.

> I know that the WAN can't be in the same domain as the LAN, and if we absolutely have to use both the WAN and the LAN, does that mean we have to change all the IPs on the customer's workstations?

Change the router's LAN network and connect pfSense to it. On pfSense configure the LAN network as it was on the router before.
Other options are:
- Configure a transit network on the router and connect pfSense to it. You only need a single port connected to the existing LAN then, say LAN.
  Then you would need to add routes on the customer router for the VPN tunnel network and point them to pfSense, and on pfSense for the LAN and point them to the router.
- Do masquerading on pfSense. This works as well with a single port.
  The drawback is that, when accessing the LAN devices over VPN, they will see only the pfSense IP, not the real VPN client IP.
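An added example, not part of the posts above: a Python check of an addressing plan for the transit-network option in the reply. It rejects overlapping networks and returns the two static routes the reply describes. The function name `plan_routes` and all addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def plan_routes(lan, transit, tunnel, router_ip, pfsense_ip):
    """Validate the plan and return the static routes as (destination, gateway) pairs.

    lan      existing customer LAN (workstations keep their addresses)
    transit  small network between the customer router and pfSense
    tunnel   OpenVPN tunnel network handed out to remote clients
    """
    nets = {
        "LAN": ipaddress.ip_network(lan),
        "transit": ipaddress.ip_network(transit),
        "tunnel": ipaddress.ip_network(tunnel),
    }
    # No two of the three networks may overlap, otherwise routing is ambiguous.
    for (name_a, net_a), (name_b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            raise ValueError(f"{name_a} {net_a} overlaps {name_b} {net_b}")

    router = ipaddress.ip_address(router_ip)
    pfsense = ipaddress.ip_address(pfsense_ip)
    if router == pfsense:
        raise ValueError("router and pfSense need distinct transit addresses")
    # Both gateways must be reachable on the transit network.
    for label, addr in (("router", router), ("pfSense", pfsense)):
        if addr not in nets["transit"]:
            raise ValueError(f"{label} address {addr} is not in {nets['transit']}")

    return {
        # On the customer router: send VPN client traffic to pfSense.
        "router": [(str(nets["tunnel"]), str(pfsense))],
        # On pfSense: reach the LAN through the customer router.
        "pfsense": [(str(nets["lan".upper()]), str(router))],
    }


if __name__ == "__main__":
    # Constructed sample plan.
    plan = plan_routes("192.168.1.0/24", "10.0.0.0/30", "10.8.0.0/24",
                       router_ip="10.0.0.1", pfsense_ip="10.0.0.2")
    for device, routes in plan.items():
        for dest, gw in routes:
            print(f"{device}: route {dest} via {gw}")
```

With the masquerading option neither route is needed, at the cost the reply mentions: LAN devices see only the pfSense address.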