I want to route my public IP addresses to a remote network!
-
Hi!
I have a pfSense box in Amsterdam. It has 4 public IPs.
I want to set up a solution so that the IPs are routed to my home network in Norway.
At my home I have a pfSense box. I thought to set it up as a client or something to receive the IPs and route them to the LAN. I thought of L2TP VPN. I have set up the L2TP server in Amsterdam and got it to work to route the IP addresses to the clients that connect to the L2TP server.
This is no problem, but I do not want to connect every client at my home to the VPN-server. I want to use the pfSense box as a "relay" or something to relay the IPs to the LAN.
What is the best solution here?
-
Site-to-site OpenVPN between the pfSense boxes? You could then restrict what servers have access to with rules.
Never tried it before though, so I don't know if it would work or if there would be a routing problem. Would have to NAT to an internal address methinks.
Generally this is not a good idea.
-
Hi!
How do I route the specific IP addresses to the OpenVPN client in Norway?
I could do that like this:
Route the LAN subnet on the server side to Norway, with a DHCP server, so the Norwegian clients get their IP addresses directly from Amsterdam.
Then do a 1:1 NAT. But there's a problem:
I do not want ALL clients in Norway to use the Amsterdam network. So... more suggestions?
-
I don't feel I understand enough about your issue, but here goes:
> How do I route the specific IP addresses to the OpenVPN client in Norway?
Port forwarding at the Amsterdam pfSense.
> I do not want ALL clients in Norway to use the Amsterdam network.
Presumably you have some rule to distinguish clients that should use the Amsterdam network and those that shouldn't. Perhaps you can use DHCP pools to have two pools, one in which clients get the Amsterdam gateway as their DHCP assigned gateway and one in which clients get the Norwegian gateway.
-
OK, so, I will try:
Amsterdam server:
- OpenVPN server
- Optional interface, bind to opvpnc1, give it 192.168.2.1/24 static IP
- DHCP server 192.168.2.0/24 at opvpnc1, use 1:1 NAT to route public IP to the clients.
Norwegian server:
- OpenVPN client
- Make optional interface, give it 192.168.3.1/24 static IP
- DHCP server 192.168.3.1/24 at LAN
- Optional interface, bind to opvpnc1 at the client, give it 192.168.2.2/24 static IP, DHCP server NOT enabled (because it is in Amsterdam)
- Bridge LAN + Optional
So….? How to choose which DHCP server the clients have to use?
-
I am assuming you have (or will have) some way of determining from the client MAC address which DHCP clients in Norway should go through Amsterdam.
I am assuming (since I won't have access to my own pfSense boxes until next week so I can't currently check) that the recently introduced DHCP Pools feature will allow clients to be assigned different gateways based on their MAC addresses and this could be used in the Norway DHCP server to direct clients to the appropriate gateway. See the Sticky note in the "2.1 Snapshot" forum for more information about DHCP server pools. This will only work on all clients if the gateway is on the same subnet as the client. If that is not the case, then I think you can add firewall rules so traffic from a particular client gets redirected to a gateway out a particular interface. This feature will be easier to manage if the client IP addresses fit neatly into a subnet (e.g. a /27 subnet of the LAN subnet).
I suspect you won't, in the long term, want clients' DHCP server to be at a remote site. (You probably won't want DHCP to be dependent on a WAN link.)
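-
Added example, not part of any post above and not configuration taken from either pfSense box: one way to express the MAC-based split from the last reply as two DHCP pools on the Norwegian LAN, with the Amsterdam-bound clients confined to a /27 so that a single firewall rule with source 192.168.3.32/27 can send their traffic out the VPN interface. It is written in ISC dhcpd syntax as an assumption; the class name, MAC addresses and pool ranges are constructed.

```conf
# ISC dhcpd syntax (assumed). Class name, MAC addresses and ranges are constructed samples.

# Clients whose traffic should leave via Amsterdam, selected by MAC address.
class "via-amsterdam" {
    match hardware;                      # compares hardware type byte + MAC
}
subclass "via-amsterdam" 1:02:00:00:00:00:01;   # leading "1:" = Ethernet
subclass "via-amsterdam" 1:02:00:00:00:00:02;

# Norwegian LAN (192.168.3.1/24 in the thread). DHCP stays local, so leases
# do not depend on the WAN link or the tunnel being up.
subnet 192.168.3.0 netmask 255.255.255.0 {
    option routers 192.168.3.1;          # both pools use the local pfSense box

    # Amsterdam-bound clients: usable hosts of 192.168.3.32/27.
    pool {
        allow members of "via-amsterdam";
        range 192.168.3.33 192.168.3.62;
    }

    # Everyone else: ordinary LAN addresses outside the /27.
    pool {
        deny members of "via-amsterdam";
        range 192.168.3.100 192.168.3.199;
    }
}
```

Because the selection key is a MAC address, which a client can change, the firewall rule on the /27 decides only which path traffic takes and should not be treated as an access control.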