Public IP's on DMZ interface over WAN-link or OpenVPN tunnel
Hello Friends
I am trying to work out a scenario and would appreciate your feedback/comments/suggestions.
The situation:
I need to use a /29 subnet that is connected to PFsense-A, on servers connected to DMZ interface at PFsense-B
PFsense-A and PFsense-B are in different physical locations, linked via an L2-OpenVPN tunnel (soon to be linked via an L2/L3 Microwave WAN).
Topology:
Site-A: ISP-UpstreamRouter --- WAN-PFsense-A (ip1/29) --- OpenVPN-L2-server
Site-B: ISP-UpstreamRouter --- WAN-PFsense-B (DHCP) --- OpenVPN-L2-client
Scenario:
Created Bridge0 at Site-A with WAN+OpenVPN-L2 interfaces
Created Bridge0 at Site-B with DMZ+OpenVPN-L2 interfaces
I can now use the /29 subnet (using the Site-A ISP router as gateway) on servers connected to the DMZ interface at Site-B.
Outgoing works as expected, although, as you might guess, incoming does not:
PFsense-A can reach servers on DMZ interface of PFsense-B
Public cannot reach servers on the DMZ interface (traceroute stops at the Site-A ISP router)
Question:
Before going into my troubleshooting steps and other scenarios I have tried, is the above a proper way to do it, or would I be better off waiting for the Microwave WAN link and asking the ISP to route the /29 subnet from his side?
Thanking you in advance
Best
Mike
UPDATE: Solved
Problem was solved, main issue was OpenVPN Main interface catch-all rule
If anyone is interested in this thread let me know to provide a tutorial
Thank you
Regards
Mike
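The layer-2 tunnel the post bridges into WAN at Site-A and into DMZ at Site-B, written out as a constructed OpenVPN tap server/client configuration pair. This is an added illustration, not Mike's configuration or the one pfSense generates; the hostname, port and certificate file names are assumptions.

```conf
##### Site-A (pfSense-A): OpenVPN layer-2 server.
##### tap0 is a member of bridge0 together with the WAN interface.
dev tap0
proto udp
port 1194
# A bare "server-bridge" enables TAP mode without handing out an address
# pool: the tunnel itself carries no IP, and the /29 hosts behind Site-B
# keep using the Site-A ISP router as their gateway, as in the post.
server-bridge
# Certificate/key file names are placeholders (assumed).
ca ca.crt
cert site-a.crt
key site-a.key
dh dh.pem
tls-version-min 1.2
# Keep the bridged link up across idle periods.
keepalive 10 60
persist-key
persist-tun

##### Site-B (pfSense-B): OpenVPN layer-2 client.
##### tap0 is a member of bridge0 together with the DMZ interface.
client
dev tap0
proto udp
# Hostname and port are placeholders (assumed).
remote vpn.site-a.example 1194
# Only accept a peer whose certificate is marked as a server certificate.
remote-cert-tls server
ca ca.crt
cert site-b.crt
key site-b.key
tls-version-min 1.2
keepalive 10 60
persist-key
persist-tun
```

In pfSense, rules on the OpenVPN tab apply to every OpenVPN instance, including this bridged tap, so they need to be reviewed with the bridged /29 in mind; the post's fix was to that tab's catch-all rule.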