Netgate Discussion Forum

    SG2100 as OpenVPN gateway

      guillaume14

      Hi !

      For a remote site I want to use a SG2100 as an OpenVPN gateway only (the SG2100 will not act as the default gateway for computers of the remote site).

      I managed to create a site-to-site OpenVPN link between my HQ site (running a SG3100) and my remote site by:

      • removing the IP configuration on the WAN interface (IPv4 Configuration Type: None) of the SG2100
      • assigning a default gateway (which is the IP address of the main router on the remote site) on the LAN interface of the SG2100
      • creating my OpenVPN client instance on the LAN interface of the SG2100
      • adding a route to my HQ LAN network in the main router of the remote site
      • checking the "Bypass firewall rules for traffic on the same interface" box in the System->Advanced->Firewall & NAT menu (if I don't, I can't access remote devices from the HQ site after a few seconds: asymmetric routing problem?)

      I know that putting a gateway on the LAN interface is bad: can I do the exact same configuration using the WAN interface only?

      How can I avoid the asymmetric routing problem?

      Thanks a lot in advance
      Guillaume

        guillaume14 @guillaume14

        @guillaume14

        After a reboot my config is not working anymore, even with the "Bypass firewall rules for traffic on the same interface" setting (from the HQ site I can't access the web GUI of a remote copier, for instance, after a few seconds).

          SteveITS Galactic Empire @guillaume14

          @guillaume14 How are you reaching the 2100 LAN if WAN is not configured? Aren't you already on its LAN network?

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

            guillaume14 @SteveITS

            @SteveITS
            Hi Steve
            My mistake ...

            I have a bridge interface (LAN + WAN) on the SG2100 with an IP address and a gateway (main router of the remote site) and internet access is OK on the SG2100.

            I have zero configuration on the WAN and LAN interfaces (IPv4 Configuration Type: None) in the SG2100.

              guillaume14 @guillaume14

              @guillaume14
              I made some tests with 2 pfSense boxes on the remote site:

              • the first one (192.168.10.254) is the default gateway for the remote site computers (192.168.10.0/24)
              • the second one (192.168.10.129) has only one interface (WAN) with 192.168.10.254 as the default gateway and the OpenVPN client instance to the OpenVPN HQ instance

              If I add a route to the HQ site (192.168.14.0/24) on the first pfSense box using 192.168.10.129 as the gateway, I can't access devices on the remote site (copier web interface, for instance) from a computer in the HQ site, but I can do a tracert to the same copier.

              Any clue ?
              Thanks

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.