Sorry Lonnie, I am a little confused.
The setup is as follows:

PC -- [internet] -- PBX1 -- [WG VPN] -- PBX2

I can ping the private Wireguard PBX2 address (172.29.253.2) from PBX1 (172.29.253.2).
So I want to NAT PBX1 EXTIF on a particular port to PBX2 WG IP 172.29.253.2.
I have set up the NAT_FOREIGN_NETWORK for the entire private address space.

Thanks

Regards
Michael Knill

On 7/10/18, 12:01 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:

    
    
    > On Oct 5, 2018, at 10:29 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
    > 
    > Hi Group
    >  
    > I'm wanting to set up a NAT rule from NAT EXT to a Wireguard VPN endpoint. Is this possible?
    > It does not seem to work with NAT EXT -> LAN.
    > If not, is there a custom rule I can try?
    >  
    > Basically I want to SSH to the VPN endpoint directly, via the transit DR server.
    >  
    > Thanks so much.
    
    Hi Michael, short answer is yes, but depending on the routing.
    
    Start with a diagram ...
    
    public_1 -- pbx1 [ wg_1_ip ] -- wireguard -- [ wg_2_ip ] pbx2 -- public_2
    
    
    My understanding is you want to SSH to wg_1_ip using public_2?  Correct me if I misunderstood.
    
    Yes, a "NAT EXT -> LAN" on public_2 to wg_1_ip will work *only if* the SSH return path at pbx1 goes through the wireguard vpn.
    
    I have personally tried this when pbx1 was on failover using wireguard over LTE/4G, as such all pbx1 traffic was routed over wireguard, as such a "NAT EXT -> LAN" on public_2 to wg_1_ip worked since the SSH return packets passed over wireguard to pbx2.
    
    Tip -> Similar, but if a "NAT EXT -> LAN" on public_2 to a LAN IP on pbx1 you would need to set NAT_FOREIGN_NETWORK on pbx2 of the pbx1 LAN so it is NAT'ed on pbx2.
    
    Lonnie
    
    
    
    
    _______________________________________________
    Astlinux-users mailing list
    Astlinux-users@lists.sourceforge.net
    https://lists.sourceforge.net/lists/listinfo/astlinux-users
    
    Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.
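
An added example, not part of the thread or of AstLinux: a small Python model of the condition Lonnie states, that the forward only works if the SSH return path at the tunnel peer goes back through WireGuard. The client address, route tables, interface names, the /24 around the thread's 172.29.253.2 and the forwarder address 172.29.253.1 are constructed assumptions; the AllowedIPs check and the source-NAT case go beyond what the thread covers.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def check_forward(src_ip, target_routes, target_allowed_ips, wg_if="wg0"):
    """Problems for a port-forwarded packet reaching the target over the tunnel.

    src_ip is the source address the target sees: the internet client's own
    address after a plain DNAT, or the forwarder's tunnel address if the
    forwarder also source-NATs.
    """
    problems = []
    src = ipaddress.ip_address(src_ip)
    # WireGuard only accepts a decrypted packet whose inner source address
    # falls inside the sending peer's AllowedIPs.
    if not any(src in ipaddress.ip_network(p) for p in target_allowed_ips):
        problems.append("inbound: source not in AllowedIPs, packet dropped")
    # The reply goes to src_ip; it must leave through the tunnel.
    out_if = lookup(target_routes, src_ip)
    if out_if != wg_if:
        problems.append(f"return: reply to {src_ip} leaves via {out_if}")
    return problems

# Constructed sample data (assumptions, not values from the thread).
CLIENT = "203.0.113.50"          # documentation-range stand-in for the SSH client
FORWARDER_WG = "172.29.253.1"    # assumed tunnel address of the forwarding box
FAILOVER_ROUTES = [("172.29.253.0/24", "wg0"), ("0.0.0.0/0", "wg0")]
SPLIT_ROUTES = [("172.29.253.0/24", "wg0"), ("0.0.0.0/0", "eth0")]

if __name__ == "__main__":
    cases = [
        ("all traffic over wg", CLIENT, FAILOVER_ROUTES, ["0.0.0.0/0"]),
        ("own default route", CLIENT, SPLIT_ROUTES, ["172.29.253.0/24"]),
        ("forwarder source-NATs", FORWARDER_WG, SPLIT_ROUTES, ["172.29.253.0/24"]),
    ]
    for name, src, routes, allowed in cases:
        print(f"{name}: {check_forward(src, routes, allowed) or 'ok'}")
```

On a live box, `ip route get <client address>` on the target and the `allowed ips` lines of `wg show` give the real inputs for the two checks.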
    

