On 02.01.24 15:31, Peter Davis via Openvpn-users wrote:
My server has a NIC with a local IP address. Clients can connect to it on the internal network. I want clients from outside to be able to connect to it, but I can't set a public IP on the server's network card. On the firewall (Fortinet) that is directly connected to the Internet, a public IP address is forwarded to the IP address of the OpenVPN server. For example, on the firewall, IP address 1.2.3.4 is forwarded to IP address 192.168.1.1. I want to know: if I put the IP address 1.2.3.4 in place of 192.168.1.1 in the client configuration file, should the clients then be able to connect to the server from outside the network?
Assuming that a bunch of other setups¹ is OK as well, yes, that should work. At worst with a bit of fiddling re: server cert verification.
¹ Server's host firewall, firewall config on the Forti, both up to and including the (TCP or UDP?) port the OpenVPN server's using, server has a default route back to the Forti and can in fact reach it, no DPI trying to mess with the connection/crypto, your Internet uplink allows proper pMTU detection and is well-reachable from wherever the clients will be located, ...
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users