VLAN to LAN to remote?
-
Dear Sirs,
I've a site to site OpenVPN setup in which the local LAN and remote LAN communicate fine.
I've added a VLAN on local LAN, how can I allow some specified clients from VLAN to connect to remote LAN?
I've tried a NAT rule as this:
pass - source VLAN alias_allowed - dest 172.168.10.0/24
But no luck, it seems that the VLAN should be routed to 172.168.10.0.
Is there a way to allow VLAN to Remote without adding additional routes?
Something like:
masquerade the traffic coming from VLAN alias_allowed as if it's coming from the LAN address
-
@summer
The best way to do it is to add the VLAN to the remote OpenVPN settings to add the route, but if I understand you correctly, that's not an option for you. So yes, you can go with masquerading. Rules can be added on the outbound NAT tab.
If the outbound NAT is still working in automatic mode, switch to hybrid first and press save.
Then add a new rule with settings like these:
interface: <the VPN interface>
source: select 'network' and enter the alias you've set for the permitted clients
destination: <the remote LAN>
translation: interface address
This presumes that the tunnel subnet is routed to the VPN endpoint on the remote site (that it's the default gateway). Otherwise you may use any unused IP out of the LAN subnet.
Also ensure that there is a firewall rule in place on the VLAN which allows the traffic to the remote LAN.
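Why the masquerade rule works without a new route, as an added example that is not part of the original thread: it models the remote VPN endpoint's route lookup for the reply packet, with and without the outbound NAT rule. Only 172.168.10.0/24 comes from the thread; the VLAN client addresses, tunnel subnet, local LAN and interface labels are constructed assumptions, and the remote endpoint is assumed to be the remote LAN's default gateway.

```python
import ipaddress

ip, net = ipaddress.ip_address, ipaddress.ip_network

REMOTE_LAN = net("172.168.10.0/24")   # from the thread
ALLOWED = {ip("192.168.20.10")}       # constructed: the permitted-clients alias
VPN_IF_ADDR = ip("10.8.0.2")          # constructed: local firewall's tunnel address

# Constructed routing table of the remote VPN endpoint.
# Note that it has no route for the VLAN subnet (192.168.20.0/24).
REMOTE_ROUTES = [
    (net("0.0.0.0/0"), "wan"),
    (REMOTE_LAN, "lan"),
    (net("10.8.0.0/30"), "tunnel"),     # tunnel subnet
    (net("192.168.1.0/24"), "tunnel"),  # local LAN from the existing site-to-site setup
]

def lookup(routes, dst):
    """Longest-prefix match: return the interface used to reach dst."""
    matches = [(n, hop) for n, hop in routes if dst in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def outbound_nat(src, dst):
    """The hybrid outbound NAT rule: alias -> remote LAN, translated to the
    VPN interface address. Everything else leaves untranslated."""
    if src in ALLOWED and dst in REMOTE_LAN:
        return VPN_IF_ADDR
    return src

def reply_path(src, dst, nat=True):
    """Interface on which the remote endpoint sends the reply packet."""
    src, dst = ip(src), ip(dst)
    seen_src = outbound_nat(src, dst) if nat else src
    return lookup(REMOTE_ROUTES, seen_src)

if __name__ == "__main__":
    target = "172.168.10.5"  # constructed host on the remote LAN
    for client, nat in [("192.168.20.10", False), ("192.168.20.10", True),
                        ("192.168.20.99", True)]:
        print(f"{client} nat={nat}: reply leaves via {reply_path(client, target, nat)}")
```

A reply that leaves via "wan" never reaches the VLAN client; only translated traffic from the alias returns through the tunnel.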