Vpn Host to LAN

Post Reply
badrequest
OpenVpn Newbie
Posts: 1
Joined: Fri Sep 13, 2019 2:22 pm

Vpn Host to LAN

Post by badrequest » Fri Sep 13, 2019 2:24 pm

For the purposes of an internal company project, I'm looking for a tool that allows me to create a vpn between one host and the customer's LAN.
All this is feasible by installing a virtual machine inside the customer's LAN and then connecting via openvpn client.
This, however, implies some operations on its part such as opening the firewall ports (operations that we do NOT want the customer to do).
Now: is there an "install-and-go" solution that allows once installed to connect to the customer's LAN (previously configured)?
Thanks.

novaflash
I should be on the dev team.
Posts: 978
Joined: Fri Apr 13, 2012 8:43 pm

Re: Vpn Host to LAN

Post by novaflash » Fri Sep 13, 2019 8:18 pm

Yes, and no. It's complicated. You need some sort of cooperation from the network side. You can use NAT but it would have its limitations.

You'd need to run an Access Server somewhere on the public Internet, and have a VM or physical device that does an outgoing VPN tunnel to that Access Server. That gets you into at least that VM or physical device from your Access Server.

If you enable site-to-site, the VM or physical device on that network would be able to pass on information to that network, but these would come from a subnet in the Access Server that that network is not aware of so wouldn't know how to respond. You could then try to add a SNAT rule on that VM or physical device to translate requests to make them look like they come from that VM or physical device itself. But then the traffic over the existing VPN tunnel would always have to be initiated from the VPN server side.

Post Reply