Allow OPT1 (DMZ) to reach OpenVPN site to site
Hi All - I have OPT1 configured as a DMZ. Works great. My primary network is 192.168.50.0/24 and my DMZ is 192.168.200.0/24. I have an OpenVPN tunnel to a remote network that is 192.168.1.0/24 (tunnel address is 10.8.0.1).
I want to be able to reach the remote network (192.168.1.0/24) from my DMZ - what should my firewall rules look like, or is this trickier given that the remote network is via OpenVPN?
Add push "route 192.168.200.0 255.255.255.0" to your VPN server config or the client-specific config for the remote site.
If the rules on DMZ don't already allow traffic from 192.168.200.0/24 to 192.168.1.0/24 there will need to be a rule there.
The rules on the OpenVPN tab at the remote site will also have to allow traffic from 192.168.200.0/24 to 192.168.1.0/24.
If you also want remote VPN clients on 192.168.1.0/24 to initiate connections to servers on 192.168.200.0/24, the firewall rules on the OpenVPN tab at the local site will have to pass them.
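Added example, not part of the original posts: a small model of the three rule locations and the pushed route named in the answer, used to check that the DMZ reaches 192.168.1.0/24 without gaining access to the primary network. The rule tables, the block rule toward 192.168.50.0/24, the host addresses and the first-match/default-deny evaluation are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed rule tables: (action, source net, destination net).
# Assumed evaluation: per interface, first match wins, no match = deny.
RULES = {
    "local_DMZ": [
        ("block", "192.168.200.0/24", "192.168.50.0/24"),  # keep DMZ off the primary LAN
        ("pass", "192.168.200.0/24", "192.168.1.0/24"),    # DMZ -> remote site only
    ],
    "remote_OpenVPN": [
        ("pass", "192.168.200.0/24", "192.168.1.0/24"),    # traffic arriving from the tunnel
    ],
    "local_OpenVPN": [],  # empty: the remote site cannot initiate to the DMZ
}
# Networks the remote site routes into the tunnel (what push "route ..." provides).
REMOTE_ROUTES = ["192.168.50.0/24", "192.168.200.0/24"]


def evaluate(rules, src, dst):
    """Return the action of the first rule matching src -> dst."""
    for action, src_net, dst_net in rules:
        if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
            return action
    return "block"


def dmz_to_remote(src, dst, rules=RULES, routes=REMOTE_ROUTES):
    """List what stops a DMZ-initiated connection; an empty list means it works."""
    problems = []
    if evaluate(rules["local_DMZ"], src, dst) != "pass":
        problems.append("local DMZ rules block it")
    if evaluate(rules["remote_OpenVPN"], src, dst) != "pass":
        problems.append("remote OpenVPN tab blocks it")
    if not any(ip_address(src) in ip_network(r) for r in routes):
        problems.append("remote site has no route back to the source")
    return problems


def remote_to_dmz(src, dst, rules=RULES):
    """True only if the local OpenVPN tab passes a remote-initiated connection."""
    return evaluate(rules["local_OpenVPN"], src, dst) == "pass"


if __name__ == "__main__":
    print(dmz_to_remote("192.168.200.10", "192.168.1.20"))
    print(remote_to_dmz("192.168.1.20", "192.168.200.10"))
```

Scoping the DMZ pass rule to 192.168.1.0/24 rather than "any" is what keeps the DMZ isolated from 192.168.50.0/24 once the new rule is in place.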