Allow OPT1 (DMZ) to reach OpenVPN site to site
-
Hi All - I have OPT1 configured as a DMZ. Works great. My primary network is 192.168.50.0/24 and my DMZ is 192.168.200.0/24. I have an OpenVPN tunnel to a remote network that is 192.168.1.0/24 (tunnel address is 10.8.0.1).
I want to be able to reach the remote network (192.168.1.0/24) from my DMZ - what should my firewall rules look like, or is this trickier given that the remote network is via OpenVPN?
-
Add push "route 192.168.200.0 255.255.255.0" to your VPN server config or the client-specific config for the remote site.
If the rules on DMZ don't already allow traffic from 192.168.200.0/24 to 192.168.1.0/24 there will need to be a rule there.
The rules on the OpenVPN tab at the remote site will also have to allow traffic from 192.168.200.0/24 to 192.168.1.0/24.
If you also want remote VPN clients on 192.168.1.0/24 to initiate connections to servers on 192.168.200.0/24, the firewall rules on the OpenVPN tab at the local site will have to pass them.
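
The checklist in the reply above, as an added example that is not part of the original thread: a small first-match model that reports which of the listed items is still missing for a given flow. The rule sets, host addresses and dictionary keys are constructed for illustration (including the assumed DMZ rule that blocks 192.168.0.0/16) and are not an export from either firewall.

```python
import ipaddress as ip

def first_match(rules, src, dst):
    """First matching rule wins; no match means block (default deny)."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, rsrc, rdst in rules:
        if s in ip.ip_network(rsrc) and d in ip.ip_network(rdst):
            return action
    return "block"

def routed(routes, addr):
    """True if the site has a route over the tunnel that covers addr."""
    return any(ip.ip_address(addr) in ip.ip_network(r) for r in routes)

def dmz_to_remote(local, remote, src, dst):
    """What still stops a DMZ host from opening a connection to the remote LAN."""
    missing = []
    if first_match(local["DMZ"], src, dst) != "pass":
        missing.append("local DMZ rule")
    if first_match(remote["OpenVPN"], src, dst) != "pass":
        missing.append("remote OpenVPN rule")
    if not routed(remote["vpn_routes"], src):  # replies need a path back
        missing.append("pushed route")
    return missing

def remote_to_dmz(local, remote, src, dst):
    """What still stops a remote LAN host from opening a connection to the DMZ."""
    missing = []
    if not routed(remote["vpn_routes"], dst):
        missing.append("pushed route")
    if first_match(local["OpenVPN"], src, dst) != "pass":
        missing.append("local OpenVPN rule")
    return missing

# Constructed sample state (assumed, not from the thread).
DMZ, LAN, REMOTE = "192.168.200.0/24", "192.168.50.0/24", "192.168.1.0/24"
LOCAL_BEFORE = {"DMZ": [("block", DMZ, "192.168.0.0/16"), ("pass", DMZ, "0.0.0.0/0")],
                "OpenVPN": [("pass", REMOTE, LAN)]}
REMOTE_BEFORE = {"OpenVPN": [("pass", LAN, REMOTE)], "vpn_routes": [LAN]}
# After the changes in the reply: narrow pass rules placed first, route pushed.
LOCAL_AFTER = {"DMZ": [("pass", DMZ, REMOTE)] + LOCAL_BEFORE["DMZ"],
               "OpenVPN": LOCAL_BEFORE["OpenVPN"]}
REMOTE_AFTER = {"OpenVPN": [("pass", DMZ, REMOTE)] + REMOTE_BEFORE["OpenVPN"],
                "vpn_routes": [LAN, DMZ]}

if __name__ == "__main__":
    print(dmz_to_remote(LOCAL_BEFORE, REMOTE_BEFORE, "192.168.200.10", "192.168.1.20"))
    print(dmz_to_remote(LOCAL_AFTER, REMOTE_AFTER, "192.168.200.10", "192.168.1.20"))
    print(remote_to_dmz(LOCAL_AFTER, REMOTE_AFTER, "192.168.1.20", "192.168.200.10"))
```

In this model the narrow pass rule sits above the assumed block rule, so the DMZ still cannot reach 192.168.50.0/24, and the remote-to-DMZ direction stays closed until a rule is added on the local OpenVPN tab.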