Menu
▾
▴
Re: [Openvpn-users] Can a network behind a CGNAT:ed ISP be accessed using OpenVPN?
|
From: Antonio Q. <a...@un...> - 2024-09-16 07:13:24
|
Hi, On 16/09/2024 08:46, Bo Berglund wrote: > We would like to set up an OpenVPN service on a summer home to access its local > LAN remotely. > > The site has newly installed fiber access to the Internet, but via an ISP which > has CGNAT:ed the router so there is no access to its IP address from outside. > Therefore I cannot set up a regular OpenVPN server on that LAN to dial into. :( > > I have access to other fiber connected sites where the external IP is a public > address and where I have set up OpenVPN for access and it works fine. > > So I would like to know if it is possible to set up a connection to the CGNAT:ed > LAN by using an OpenVPN client on that LAN connecting to OpenVPN on the publicly > accessible server, and then somehow relaying traffic into the CGNATED LAN via > the connection set up from within that LAN to the publicly accessible server? > > Like having a relaying service utilizing the VPN client connection set up from > the client on the CGNAT-ed LAN allowing a user to connect to the accessible > OpenVPN server and then from there into the tunnel towards the CGNATed LAN? > > If so is there some documentation as to how one could set it up (and what would > such a scheme be named for further web searches)? Yes, this is possible and it's a scenario commonly known as "Client LAN" (connecting a LAN behind a client). We have a flow chart that help you understanding if you went through all the steps required to get it working: https://community.openvpn.net/openvpn/attachment/wiki/IRCimages/clientlan.png In a nutshell, you need to configure both a route and a "iroute" to inform the VPN server (your relay point) where a certain LAN is. Hope this helps. Regards, -- Antonio Quartulli |
