I plan to use an Opal router within an existing network.
Present configuration: LTE router with local network 192.168.8.x. One of the connected devices is a NAS with fixed IP 192.168.8.200.
At this time, this NAS connects to a VPN server to be accessible from outside. The firewall is also located on the NAS.
The NAS is therefore accessible locally and from outside directly as a web server.
The Opal shall take over the VPN client function and grant access to the NAS only.
Could I configure the Opal as 192.168.199, let it connect to the VPN server and install forward rules to 192.168.8.200 for everything? Or should I install a subnet? Problem with local access to the NAS? Using LAN or WAN port of Opal to the main switch?
Thank you for your help to find the easiest solution.
Cheers
You need to make sure that the Opal's network (default 192.168.8.x) does not collide with your network where the NAS is. Opal needs to have a different one, as I read your topology.
OK. Do I have to connect the NAS to the local network of the Opal? Or just connect the Opal to my main switch?
If I connect the NAS to the subnet of the Opal (192.168.1.x as an example), I am not sure I get access to the NAS within the local network (192.168.8.x)?
Thank you
This is the present network without Opal. Works perfectly with the NAS acting as VPN client to get connected to the internet as web server.
I want an Opal taking over this VPN client function
And the Opal will connect to the same external VPN? So there is no real site-to-site VPN between your networks, instead everyone acts like a client, correct?
Yes the Opal shall connect to the same VPN server and direct all the traffic to the NAS.
There is no site-to-site VPN. I don't want to access my network from outside. Just the NAS has to be connected to my domain name provider.
And when connected within my local network I want to access the NAS.
Perhaps I should install the Opal as main router for the complete home network and configure that the VPN is only for the NAS. Because I don't want my outgoing traffic from home going through the VPN? Is it possible?
OK. I will try several configurations based on the available options of the Opal.
(But I want a VPN client, not a server. The server is in Germany and I'm located in France).
I will let you know what I manage to do.
You might need "port forward" in the OPAL.
192.168.8.x is your OPAL WAN.
192.168.1.x is your OPAL LAN.
S-NAT from LAN to WAN on OPAL is automatic. The reverse initiated path needs some setup.
WAN-to-LAN port forwarding or even "DMZ host" will make things much easier than another WAN to LAN passthrough. (WAN devices then don't have to know, use or route the LAN IP addresses; they use the WAN (192.168.8.x) IP address to connect to the LAN devices.)
VPN might need some attention to select for the Port Forwarding. (To be checked with SSH if the VPN interface is in the WAN zone, and no other firewall rules are blocking that traffic.)
LAN to WAN is doing NAT. (using the WAN IP address)
LAN to VPN should also do some NAT (using the VPN IP address) if an L3 VPN.
Advantage of port forwarding is that besides the automatic return path (reversed NAT) it can allow WAN initiated connections.
Also for things like Zerotier (L2 VPN), using port forwarding will avoid the need for "managed routes" in Zerotier's management portal. (Zerotier does not fit on OPAL, unfortunately.)
Thank you. Was a bit tricky to set up the forward rules, had some issues with SSL certificates, but now everything runs perfectly.
Not only the forward rules associated with the VPN are needed. Also at the VPN connection stage, one must allow the access to the LAN. If not, the forward rules are not fully working.
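
The check suggested earlier in the thread (which firewall zone the VPN interface sits in, and whether the port forward is bound to that zone) can be run over the output of `uci show firewall` copied from the router over SSH. This is an added example, not code from any poster or from GL.iNet; the zone names, the `tun0` interface and the NAS address 192.168.1.200 are constructed assumptions.

```python
import re
import shlex

# Constructed sample of `uci show firewall` output (not from a real device).
# Zone names, tun0 and the NAS address 192.168.1.200 are assumptions.
SAMPLE = """\
firewall.@zone[0]=zone
firewall.@zone[0].name='wan'
firewall.@zone[0].network='wan' 'wan6'
firewall.vpnzone=zone
firewall.vpnzone.name='vpn'
firewall.vpnzone.device='tun0'
firewall.@redirect[0]=redirect
firewall.@redirect[0].name='nas-https'
firewall.@redirect[0].target='DNAT'
firewall.@redirect[0].src='wan'
firewall.@redirect[0].dest='lan'
firewall.@redirect[0].dest_ip='192.168.1.200'
"""

LINE = re.compile(r"^firewall\.([^.=]+)(?:\.([^=]+))?=(.*)$")

def parse(text):
    """Return {section: {option: [values]}}; the section type is stored under '_type'."""
    sections = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            sec, opt, val = m.groups()
            entry = sections.setdefault(sec, {})
            # shlex handles uci list values: "'wan' 'wan6'" -> ['wan', 'wan6']
            entry["_type" if opt is None else opt] = shlex.split(val)
    return sections

def zone_of(sections, iface):
    """Name of the zone that lists iface as a network or device, else None."""
    for s in sections.values():
        members = s.get("network", []) + s.get("device", [])
        if s.get("_type") == ["zone"] and iface in members:
            return s["name"][0]
    return None

def forwards_from(sections, iface):
    """Names of redirects (port forwards) whose source zone contains iface."""
    zone = zone_of(sections, iface)
    return [s.get("name", ["?"])[0] for s in sections.values()
            if s.get("_type") == ["redirect"] and zone and s.get("src") == [zone]]

if __name__ == "__main__":
    print(zone_of(parse(SAMPLE), "tun0"), forwards_from(parse(SAMPLE), "tun0"))
```

In the constructed sample the forward is bound to the `wan` zone while `tun0` sits in its own `vpn` zone, so no forward matches traffic arriving over the VPN.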