Netgate Discussion Forum

    SG2100 as OpenVPN gateway

      guillaume14

      Hi!

      For a remote site I want to use a SG2100 as an OpenVPN gateway only (the SG2100 will not act as the default gateway for computers of the remote site).

      I managed to create a site-to-site OpenVPN link between my HQ site (running a SG3100) and my remote site by:

      • removing the IP configuration on the WAN interface (IPv4 Configuration Type: None) of the SG2100
      • assigning a default gateway (which is the IP address of the main router on the remote site) on the LAN interface of the SG2100
      • creating my OpenVPN client instance on the LAN interface of the SG2100
      • adding a route to my HQ LAN network in the main router of the remote site
      • checking the "Bypass firewall rules for traffic on the same interface" box in the System->Advanced->Firewall & NAT menu (if I don't, I can't access remote devices from the HQ site after a few seconds: asymmetric routing problem?)

      I know that putting a gateway on the LAN interface is bad: can I do the same exact configuration using the WAN interface only?

      How can I avoid the asymmetric routing problem?

      Thanks a lot in advance
      Guillaume

        guillaume14 @guillaume14

        @guillaume14

        After a reboot my config is not working anymore, even with the "Bypass firewall rules for traffic on the same interface" setting (from the HQ site I can't access the web GUI of a remote copier, for instance, after a few seconds).

          SteveITS Rebel Alliance @guillaume14

          @guillaume14 how are you reaching the 2100 LAN if WAN is not configured? Aren’t you already on its LAN network?

          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
          Upvote 👍 helpful posts!

            guillaume14 @SteveITS

            @SteveITS
            Hi Steve
            My mistake ...

            I have a bridge interface (LAN + WAN) on the SG2100 with an IP address and a gateway (main router of the remote site), and internet access is OK on the SG2100.

            I have zero configuration on the WAN and LAN interfaces (IPv4 Configuration Type: None) in the SG2100.

              guillaume14 @guillaume14

              @guillaume14
              I made some tests with 2 pfSense boxes on the remote site:

              • the first one (192.168.10.254) is the default gateway for the remote site computers (192.168.10.0/24)
              • the second one (192.168.10.129) has only one interface (WAN) with 192.168.10.254 as the default gateway and the OpenVPN client instance to the OpenVPN HQ instance

              If I add a route to the HQ site (192.168.14.0/24) on the first pfSense box using 192.168.10.129 as the gateway, I can't access devices on the remote site (copier web interface, for instance) from a computer in the HQ site, but I can do a tracert to the same copier.

              Any clue?
              Thanks

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.