Unusual port forwarding scenario
-
IPs have been changed to protect the innocent
We have a scenario where we want to take Server A (192.168.1.11/24) that's currently in our internal network, create a VPN to a new site, place Server A at the other end of that VPN and have it maintain connectivity with Server B (192.168.1.21/24) and Server C (192.168.1.22/24) on our internal network without changing the IP configuration of any of the servers.
I believe this configuration would allow that:
<192.168.1.21>-<192.168.1.22>
I
<LAN 192.168.1.11>
<pfSense X>
<WAN 10.0.1.1/24>
I
VPN
I
<WAN 10.0.2.1/24, Alias:10.0.2.2/24>
<pfSense Y>
<LAN 192.168.1.21, Alias:192.168.1.22>
I
<192.168.1.11>pfSense X
OpenVPN remote network - 10.0.2.0
Port Forward - Source:192.168.1.21 Destination:192.168.1.11 Redirect:10.0.2.1
Port Forward - Source:192.168.1.22 Destination:192.168.1.11 Redirect:10.0.2.2
Port Forward - Source:10.0.2.1 Destination:10.0.1.1 Redirect:192.168.1.21
Port Forward - Source:10.0.2.2 Destination:10.0.1.1 Redirect:192.168.1.22pfSense Y
OpenVPN remote network - 10.0.1.0
1:1NAT - 10.0.2.1:192.168.1.21
1:1NAT - 10.0.2.2:192.168.1.22
Port Forward - Destination:10.0.2.1 Redirect:192.168.1.11
Port Forward - Destination:10.0.2.2 Redirect:192.168.1.11
Port Forward - Destination:192.168.1.21 Redirect:10.0.1.1
Port Forward - Destination:192.168.1.22 Redirect:10.0.1.1