Accessing a VIP IP on the WAN side when connecting to openVPN
-
I have a number of 1:1 NATs configured between WAN and LAN, and all of the WAN IPs are VIPs (IPs routed through my primary WAN IP).
When I connect to openVPN, I can access the LAN side, but none of the WAN VIP IPs are responding, not even to ping - I cannot even see the traffic within the firewall, almost as if my request is getting lost between openVPN and the routes.
In my local openVPN config I have route-nopull and only route selected IPs through my VPN. In principle this works as I can still connect to the LAN using my VPN connection, but when we have services set up with an external DNS server (which points to the public IP), it's a tedious task to keep updating local openVPN configuration.
So question time:
Has anyone set up something similar where they're able to connect to the openVPN server and still have access to the WAN virtual IPs?
My next option seems to be running a DNS server in the gateway so that connected VPN clients can hopefully get the record from the internal DNS vs. the external one. I am, however, only getting this to work if I change my network settings on my laptop and change my Wi-Fi / LAN DNS to point to the WAN IP of the gateway. If I don't, my network interface disregards the internal DNS and still points to the external DNS servers (like 8.8.8.8).
What is the correct / recommended / "industry norm" when it comes to this kind of setup? I imagine I am not configuring my various services correctly or the way it was intended to work.
-
@mauzilla said in Accessing a VIP IP on the WAN side when connecting to openVPN:
In my local openVPN config I have route-nopull
Basically access to the WAN VIPs should work normally with this option.
But why don't you just uncheck "Redirect gateway" in the server settings and enter the local subnets to be routed over the VPN instead?
You can also go the other way round and route the whole upstream traffic over the VPN (including the VIPs) and enable NAT reflection for 1:1 NAT.
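-
Added example, not part of either post above: a small audit of a route-nopull client config that reports which destinations the client sends through the tunnel and which leave over its normal default route, outside the VPN. The sample config, its addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample client config; addresses are documentation ranges.
SAMPLE_OVPN = """\
client
dev tun
remote vpn.example.net 1194 udp
route-nopull
# LAN behind the gateway
route 192.168.10.0 255.255.255.0
# WAN VIPs added by hand
route 203.0.113.10 255.255.255.255
route 203.0.113.11
"""

def parse_client_routes(config_text):
    """Return (route_nopull, networks) from the text of an OpenVPN client config."""
    nopull, networks = False, []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].strip().split()
        if not parts or parts[0].startswith(";"):
            continue
        if parts[0] == "route-nopull":
            nopull = True
        elif parts[0] == "route" and len(parts) >= 2:
            # OpenVPN treats an omitted (or "default") netmask as a host route.
            mask = parts[2] if len(parts) >= 3 and parts[2] != "default" else "255.255.255.255"
            try:
                networks.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
            except ValueError:
                continue  # hostname or keyword such as vpn_gateway: not resolved here
    return nopull, networks

def classify(config_text, destinations):
    """Map each destination IP to 'tunnel' or 'direct' for a route-nopull config."""
    nopull, networks = parse_client_routes(config_text)
    if not nopull:
        raise ValueError("no route-nopull: server-pushed routes would also apply")
    return {d: "tunnel" if any(ipaddress.ip_address(d) in n for n in networks) else "direct"
            for d in destinations}

if __name__ == "__main__":
    checks = ["192.168.10.25", "203.0.113.10", "203.0.113.12"]
    for ip, path in classify(SAMPLE_OVPN, checks).items():
        print(f"{ip:15} -> {path}")
```

A destination reported as "direct" is reached over the client's ordinary uplink rather than the VPN, so it arrives at the firewall's WAN side like any other outside traffic.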