Allow OPT1 (DMZ) to reach OpenVPN site to site



  • Hi All - I have OPT1 configured as a DMZ.  Works great.  My primary network is 192.168.50.0/24 and my DMZ is 192.168.200.0/24.  I have an OpenVPN tunnel to a remote network that is 192.168.1.0/24 (tunnel address is 10.8.0.1).

    I want to be able to reach the remote network (192.168.1.0/24) from my DMZ - what should my firewall rules look like, or is this trickier given that the remote network is via OpenVPN?


  • LAYER 8 Netgate

    Add push "route 192.168.200.0 255.255.255.0" to your VPN server config or the client-specific config for the remote site.

    If the rules on DMZ don't already allow traffic from 192.168.200.0/24 to 192.168.1.0/24 there will need to be a rule there.

    The rules on the OpenVPN tab at the remote site will also have to allow traffic from 192.168.200.0/24 to 192.168.1.0/24.

    If you also want remote VPN clients on 192.168.1.0/24 to initiate connections to servers on 192.168.200.0/24, the firewall rules on the OpenVPN tab at the local site will have to pass them.
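    The following is an added illustration of how the pieces in the answer above fit together in OpenVPN server terms; it is a constructed example, not configuration from the original thread. It assumes the local site runs the site-to-site server on the 10.8.0.0/24 tunnel, that the remote LAN is already reachable via an iroute in a client-specific override (the file name `ccd/remote-site` is assumed), and that the primary LAN is already pushed; the DMZ push and the three firewall rules are the additions the answer describes.

```conf
# --- Local site: OpenVPN site-to-site SERVER config (excerpt, constructed example) ---
# Tunnel network from the thread; the server side holds 10.8.0.1.
server 10.8.0.0 255.255.255.0

# Routes pushed to the remote site so it sends traffic for these subnets
# into the tunnel. The second push is the new line: without it the remote
# site has no route back to the DMZ and replies never enter the tunnel.
push "route 192.168.50.0 255.255.255.0"    # primary LAN (already present)
push "route 192.168.200.0 255.255.255.0"   # DMZ (OPT1) - the addition

# Kernel route on the server so traffic for the remote LAN is sent to the tunnel.
route 192.168.1.0 255.255.255.0

# Directory holding per-client overrides (pfSense: Client Specific Overrides).
client-config-dir ccd

# --- ccd/remote-site (client-specific override for the remote site, constructed) ---
# Tells OpenVPN which connected client owns 192.168.1.0/24.
iroute 192.168.1.0 255.255.255.0
# Alternative to the push in the main config: push the DMZ route only to this client.
# push "route 192.168.200.0 255.255.255.0"

# --- Firewall rules (set in the pfSense GUI; written here as pseudo-rules) ---
# Local site,  OPT1 (DMZ) tab: pass IPv4  src 192.168.200.0/24  dst 192.168.1.0/24
# Remote site, OpenVPN tab:    pass IPv4  src 192.168.200.0/24  dst 192.168.1.0/24
# Local site,  OpenVPN tab (only if remote -> DMZ connections should be initiated):
#                              pass IPv4  src 192.168.1.0/24    dst 192.168.200.0/24
```

    Since the DMZ exists to contain exposed hosts, restrict the two DMZ-to-remote rules to the specific destination hosts and ports actually needed rather than passing the whole /24.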

