Disclaimer: I am not a networking expert, I'm using this because it "just works" and is easy to manage.
-----------
I have a main office running NGFW on a VM (only to handle OpenVPN, it's not my router / firewall / DHCP server, at the main office at least), and some remote sites with NGFW running on a physical device where NGFW is the remote sites' router / firewall / DHCP server.
Let's say that my main office NGFW IP address is 10.10.0.2, with the main office DHCP server (which is also a DNS server / ad blocker / content filter) being 10.10.0.1, and its DHCP server is giving out 10.10.0.100-200 on leases.
The remote sites are using things like 10.20.0.1, 10.30.0.1, 10.40.0.1, 10.50.0.1, etc. for the NGFW IP, and are handing out addresses of 10.x.0.100-200 for their DHCP leases. All of the remote sites are using 10.10.0.1 (the DNS server on the far side of the tunnel) as their primary DNS for "easy" ad blocking and content filtering, with 8.8.8.8 as the secondary.
All of my tunnels work, I can ping remote workstation IP addresses from the main office, and vice versa, but I don't know if there's some way it's possible to see the "real" IP address of one of my remote clients in the logs of services at the main office.
For example, if someone at 10.20.0.123 (a workstation at a remote site) creates a help desk ticket, the ticket will say it came from 10.10.0.2 (the main office NGFW installation)
If someone does a DNS query from 10.30.0.111 (a workstation at a remote site), the DNS server logs show that the query was made by 10.10.0.2 (the main office NGFW installation)
If someone at 10.40.0.222 (a workstation at a remote site) deletes something off of a NAS, the logs on the NAS show the file was deleted by 10.10.0.2 (the main office NGFW installation)
So, my question is, is there some VPN equivalent or something functionally similar to the "X-Forwarded-For" HTTP header (can be used with reverse proxies so web servers log the "real" client IP instead of the reverse proxy's IP) or is this just a side effect of my remote offices needing to VPN in to the main office?
Is there something I should be using other than OpenVPN that would do this, assuming a "requirement" at the remote sites is split tunneling, so if a remote client tried going to some-website-online.tld they would connect directly to some-website-online.tld and not make the VPN server at 10.10.0.2 load it for them, and only send data through the tunnel if it's going to 10.10.x.x?
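The symptom described in the post (every remote-site event attributed to 10.10.0.2 in DNS, NAS and help desk logs) is what source NAT on the VPN server produces: the server rewrites the client's source address to its own before forwarding. The following script is an added example, not code from the original post, that a defender can run over exported log lines to measure how much per-client attribution has been lost. It assumes the addressing from the post (gateway 10.10.0.2, main office 10.10.0.0/24, remote sites 10.20-10.50.0.0/24), assumes source addresses appear after the words "from" or "client", and uses constructed sample log lines.

```python
"""Detect loss of per-client attribution in service logs behind a VPN gateway.

Added example for the question above (not the poster's code). Assumptions:
the OpenVPN server is 10.10.0.2, the main office LAN is 10.10.0.0/24, the
remote LANs are 10.20-10.50.0.0/24, and each log line names its source
address after "from" or "client". All log lines below are constructed.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, Iterable, Optional

VPN_GATEWAY = ipaddress.ip_address("10.10.0.2")
MAIN_OFFICE_LAN = ipaddress.ip_network("10.10.0.0/24")
REMOTE_LANS = [
    ipaddress.ip_network(n)
    for n in ("10.20.0.0/24", "10.30.0.0/24", "10.40.0.0/24", "10.50.0.0/24")
]

# Source address as written by dnsmasq / smbd / a help desk app (assumed format).
SOURCE_RE = re.compile(r"\b(?:from|client)\s+(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed sample lines: what the logs look like while the VPN server NATs.
MASKED_LOGS = [
    "dnsmasq[812]: query[A] intranet.example.test from 10.10.0.2",
    "dnsmasq[812]: query[A] ads.example.test from 10.10.0.2",
    "smbd[2210]: user alice from 10.10.0.2 unlinked /share/reports/q3.xlsx",
    "helpdesk: ticket 1042 opened by client 10.10.0.2",
    "dnsmasq[812]: query[A] printer.example.test from 10.10.0.150",
    "sshd[990]: Accepted publickey for ops from 10.10.0.120 port 51022",
]

# Constructed sample lines: the same services once remote LAN addresses are preserved.
ATTRIBUTED_LOGS = [
    "dnsmasq[812]: query[A] intranet.example.test from 10.20.0.123",
    "smbd[2210]: user bob from 10.40.0.222 unlinked /share/reports/q3.xlsx",
    "helpdesk: ticket 1043 opened by client 10.30.0.111",
    "dnsmasq[812]: query[A] printer.example.test from 10.10.0.150",
]


def extract_source(line: str) -> Optional[str]:
    """Return the source IPv4 address named in a log line, or None."""
    m = SOURCE_RE.search(line)
    return m.group(1) if m else None


def classify(ip_text: str) -> str:
    """Bucket an address: the VPN gateway, a remote LAN, the main office, or other."""
    ip = ipaddress.ip_address(ip_text)
    if ip == VPN_GATEWAY:
        return "vpn-gateway"
    if any(ip in net for net in REMOTE_LANS):
        return "remote-lan"
    if ip in MAIN_OFFICE_LAN:
        return "main-office"
    return "other"


def attribution_report(lines: Iterable[str], gateway_share_threshold: float = 0.5) -> Dict[str, object]:
    """Summarise who the logs attribute events to.

    NAT masking is flagged when the gateway address accounts for at least
    gateway_share_threshold of events and no remote LAN address appears at all:
    remote users are clearly active, but every one of them looks like 10.10.0.2.
    """
    by_class: Counter = Counter()
    sources: Counter = Counter()
    total = 0
    for line in lines:
        src = extract_source(line)
        if src is None:
            continue
        total += 1
        sources[src] += 1
        by_class[classify(src)] += 1
    gateway_share = by_class["vpn-gateway"] / total if total else 0.0
    suspected = total > 0 and gateway_share >= gateway_share_threshold and by_class["remote-lan"] == 0
    return {
        "events": total,
        "by_class": dict(by_class),
        "distinct_sources": len(sources),
        "gateway_share": round(gateway_share, 3),
        "nat_masking_suspected": suspected,
    }


if __name__ == "__main__":
    for label, logs in (("while NATed", MASKED_LOGS), ("after fix", ATTRIBUTED_LOGS)):
        print(label, attribution_report(logs))
```

Run it against a real export by replacing the constructed lists with lines read from the DNS server, NAS and help desk logs; the `gateway_share` figure is also a useful before/after metric when checking whether a change on the VPN server actually restored per-client addresses.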