Netgate Discussion Forum

    VLAN to LAN to remote?

    Summer

      Dear Sirs,

      I have a site-to-site OpenVPN setup in which the local LAN and remote LAN communicate fine.

      I've added a VLAN on the local LAN. How can I allow some specified clients from the VLAN to connect to the remote LAN?

      I've tried a NAT rule as this:

      pass - source VLAN alias_allowed - dest 172.168.10.0/24
      

      But no luck, it seems that the VLAN should be routed to 172.168.10.0.

      Is there a way to allow VLAN to Remote without adding additional routes?

      Something like:

      masquerade the traffic coming from VLAN alias_allowed as if it's coming from the LAN address
      
        viragomann @Summer

        @summer
        The best way to do this is to add the VLAN to the remote OpenVPN settings to add the route, but if I understand you correctly, that's not an option for you.

        So yes, you can go with masquerading. Rules can be added on the outbound NAT tab.
        If the outbound NAT is still working in automatic mode, switch to hybrid first and press save.
        Then add a new rule with settings like these:
        interface: <the VPN interface>
        source: select 'network' and enter the alias you've set for the permitted clients
        destination: <the remote LAN>
        translation: interface address

        This presumes that the tunnel subnet is routed to the VPN endpoint on the remote site (that it's the default gateway). Otherwise you may use any unused IP out of the LAN subnet.

        Also ensure that there is a firewall rule in place on the VLAN which allows the traffic to the remote LAN.
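
Added example, not part of the thread or of pfSense itself: a small Python model of the return path, showing why a pass rule alone fails and why the outbound NAT rule described above works, including the caveat about the tunnel subnet. Only 172.168.10.0/24 comes from the thread; the VLAN, LAN and tunnel addresses and all function names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Only the remote LAN (172.168.10.0/24) is from the thread; the rest is constructed.
REMOTE_LAN = ip_network("172.168.10.0/24")
VPN_IF_ADDR = ip_address("10.8.0.2")  # local tunnel address (assumed)
ALIAS_ALLOWED = {ip_address("192.168.20.10"), ip_address("192.168.20.11")}

# Networks the remote site can route back through the tunnel (assumed):
# the local LAN and the tunnel subnet, but not the new VLAN.
REMOTE_RETURN_ROUTES = [ip_network("192.168.1.0/24"), ip_network("10.8.0.0/30")]


def outbound_nat(src, dst, rules):
    """Return the source address seen on the VPN interface after outbound NAT.

    Each rule is (source_set, destination_network, translation_address);
    the first match wins, and unmatched traffic leaves untranslated.
    """
    for sources, dest_net, translation in rules:
        if src in sources and dst in dest_net:
            return translation
    return src


def reply_can_return(seen_src, return_routes=REMOTE_RETURN_ROUTES):
    """True if the remote site has a route back to the source it sees."""
    return any(seen_src in net for net in return_routes)


def trace(src, dst, rules):
    """Summarise one flow: source seen by the remote, and whether replies return."""
    src, dst = ip_address(src), ip_address(dst)
    seen = outbound_nat(src, dst, rules)
    return str(seen), reply_can_return(seen)


NO_NAT = []  # firewall pass rule only, no translation
MASQUERADE = [(ALIAS_ALLOWED, REMOTE_LAN, VPN_IF_ADDR)]  # translation: interface address

if __name__ == "__main__":
    for label, rules in (("pass rule only", NO_NAT), ("outbound NAT", MASQUERADE)):
        for client in ("192.168.20.10", "192.168.20.99"):
            print(label, client, trace(client, "172.168.10.5", rules))
```

Clients outside the alias stay untranslated, so the NAT rule also acts as the boundary for which VLAN hosts can get replies from the remote LAN.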

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.