nanog mailing list archives
Re: VPN recommendations?
From: Mark Wiater <mark.wiater () greybeam com>
Date: Thu, 10 Feb 2022 14:18:49 -0500
I don't know of a specific document speaking to this, but this doc i think describes it right.
https://securitynetworkinglinux.wordpress.com/2019/04/19/how-create-a-site-to-site-ipsec-vpn-from-an-opnsense-to-a-fortigate-behind-a-nat-router/in section 2.3 is where you change My Identifer to be the natted non RFC1918 ip that the right side will see.
On 2/10/2022 1:55 PM, William Herrin wrote:
On Thu, Feb 10, 2022 at 10:47 AM Juri Grabowski <nanog () jugra de> wrote:Or buy official supported hardware from https://shop.opnsense.com/Howdy, Opnsense looks like it might work. I dug through some of the documentation but didn't find something entirely on point for my use case. Are you aware of any documentation which describes: LAN - OPNSense Appliance - (rfc1918) NAT Appliance (dynamic IP) - Internet - (static IP) OPNSense appliance - LAN Where the left-side OPNSense is responsible for establishing and keeping the NAT translations alive without any special configuration on the NAT? Thanks, Bill
Current thread:
- Re: VPN recommendations?, (continued)
- Re: VPN recommendations? Mark Wiater (Feb 10)
- Re: VPN recommendations? Dave Taht (Feb 10)
- Re: VPN recommendations? Phineas Walton (Feb 10)
- Re: VPN recommendations? William Herrin (Feb 10)
- Re: VPN recommendations? Tom Beecher (Feb 10)
- Re: VPN recommendations? Sabri Berisha (Feb 10)
- Re: VPN recommendations? Bjørn Mork (Feb 11)
- Re: VPN recommendations? William Herrin (Feb 10)
- Re: VPN recommendations? William Herrin (Feb 10)
- Re: VPN recommendations? Mark Wiater (Feb 10)
- Re: VPN recommendations? Mel Beckman (Feb 10)
- RE: VPN recommendations? Ryland Kremeier (Feb 10)