OpenVPN Router (as a client) behind NSG

MarkSL
MarkSL Posts: 26  Freshman Member
edited April 2021 in Nebula
We have a client that needs access to a hosted server within AWS. We do not manage that server. Their solution for server access via RDP is using an OpenVPN router (Router with built-in OpenVPN client) behind whatever primary router is in place. They suggest Sonicwall if the client does not have a business class router. We are trying to stay with the NSG already in place.

Has anyone used a setup like this with an NSG and if so, what is the basic configuration you have in place for this to work?

Thanks in advance for any information.

All Replies

  • Zyxel_Chris
    Zyxel_Chris Posts: 653  Zyxel Employee
    Hello @MarkSL
    If their OpenVPN router is located behind the NSG in the initiator role, then I don't think the NSG needs any additional settings.

    Chris
  • MarkSL
    Chris,

    The primary firewall runs the primary subnet for the network that all users and devices are on. The OpenVPN router is just connected so traffic can be routed through it.
  • MarkSL
    I would really like to work with support to see if we can duplicate the setup that the client is using in their network. If not, this client will be getting a new Sonicwall. I have test hardware in place that we can share access with to show how this is working.

    Thanks
  • Zyxel_Chris
    I assume the OpenVPN router is using site2site VPN? If that is the case, then please also configure the port forwarding in virtual server, UDP 500 and 4500.

    If it still does not work, then please enable the support request in Nebula, Help, and provide the org. and site name for me. :)

    Chris
  • MarkSL
    I am not sure I am explaining this right from your response. We may have already wasted too much time and lost that sale.
  • Zyxel_Chris
    Sorry to hear that. What I meant in my previous message is that if both sites (OpenVPN router and AWS) are using site2site VPN, then since the OpenVPN router is located behind the NSG, the port forwarding should be configured on it, and then it can redirect the AWS traffic. Like the following screenshot.

    Please private message me if there is still a chance on this case, and I suggest going through the ticket channel in Nebula if you have a similar case in the future.

    Chris
