Hi,
On 16/09/2024 08:46, Bo Berglund wrote:
We would like to set up an OpenVPN service on a summer home to access its local
LAN remotely.
The site has newly installed fiber access to the Internet, but via an ISP which
has CGNAT:ed the router so there is no access to its IP address from outside.
Therefore I cannot set up a regular OpenVPN server on that LAN to dial into. :(
I have access to other fiber connected sites where the external IP is a public
address and where I have set up OpenVPN for access and it works fine.
So I would like to know if it is possible to set up a connection to the CGNAT:ed
LAN by using an OpenVPN client on that LAN connecting to OpenVPN on the publicly
accessible server, and then somehow relaying traffic into the CGNATED LAN via
the connection set up from within that LAN to the publicly accessible server?
Like having a relaying service utilizing the VPN client connection set up from
the client on the CGNAT-ed LAN allowing a user to connect to the accessible
OpenVPN server and then from there into the tunnel towards the CGNATed LAN?
If so is there some documentation as to how one could set it up (and what would
such a scheme be named for further web searches)?
Yes, this is possible and it's a scenario commonly known as "Client LAN"
(connecting a LAN behind a client).
We have a flow chart that help you understanding if you went through all
the steps required to get it working:
https://community.openvpn.net/openvpn/attachment/wiki/IRCimages/clientlan.png
In a nutshell, you need to configure both a route and a "iroute" to
inform the VPN server (your relay point) where a certain LAN is.
Hope this helps.
Regards,
--
Antonio Quartulli
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
