
Question about site to site VPN and "real" IP addresses


    Disclaimer: I am not a networking expert, I'm using this because it "just works" and is easy to manage.

    I have a main office running NGFW on a VM (only to handle OpenVPN, it's not my router / firewall / DHCP server, at the main office at least), and some remote sites with NGFW running on a physical device where NGFW is the remote site's router / firewall / DHCP server.

    Let's say that my main office NGFW IP address is, with the main office DHCP server (which is also a DNS server / ad blocker / content filter) being, and its DHCP server is giving out on leases.

    The remote sites are using things like,,,, etc. for the NGFW IP, and are handing out addresses of 10.x.0.100-200 for their DHCP leases. All of the remote sites are using (the DNS server on the far side of the tunnel) as their primary DNS for "easy" ad blocking and content filtering, with as the secondary.

    All of my tunnels work, I can ping remote workstation IP addresses from the main office, and vice versa, but I don't know if there's some way it's possible to see the "real" ip address of one of my remote clients in the logs of services at the main office.

    For example, if someone at (a workstation at a remote site) creates a help desk ticket, the ticket will say it came from (the main office NGFW installation).
    If someone does a DNS query from (a workstation at a remote site), the DNS server logs show that the query was made by (the main office NGFW installation).
    If someone at (a workstation at a remote site) deletes something off of a NAS, the logs on the NAS show the file was deleted by (the main office NGFW installation).

    So, my question is, is there some VPN equivalent or something functionally similar to the "X-Forwarded-For" HTTP header (can be used with reverse proxies so web servers log the "real" client IP instead of the reverse proxy's IP) or is this just a side effect of my remote offices needing to VPN in to the main office?

    Is there something I should be using other than OpenVPN that would do this, assuming a "requirement" at the remote sites is split tunneling, so if a remote client tried going to some-website-online.tld they would connect directly to some-website-online.tld and not make the VPN server at load it for them, and only send data through the tunnel if it's going to 10.10.x.x?
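As an added illustration (not part of the original post), here is a small check that shows what the symptom above looks like in a service log: it classifies each logged client address as a main-office host, a remote-site DHCP client (the 10.x.0.100-200 pool described in the post), or the tunnel endpoint, and reports what share of entries can no longer be attributed to a real workstation. The addresses are constructed stand-ins, since the post's own addresses were stripped; 10.10.0.5 is assumed to be the main-office NGFW and 10.10.0.0/16 the "10.10.x.x" main-office range.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample DNS-style log lines (not from the original post).
# 10.10.0.5 plays the main-office NGFW (the OpenVPN endpoint); 10.20.0.x and
# 10.30.0.x play workstations at two remote sites.
SAMPLE_LOG = """\
09:00:01 query A nas.corp.internal from 10.10.0.5
09:00:02 query A nas.corp.internal from 10.10.0.5
09:00:03 query A wiki.corp.internal from 10.10.0.77
09:00:04 query A files.corp.internal from 10.20.0.150
09:00:05 query A files.corp.internal from 10.30.0.120
09:00:06 query A mail.corp.internal from 10.10.0.5
"""

MAIN_OFFICE_NET = ipaddress.ip_network("10.10.0.0/16")  # "10.10.x.x" in the post
VPN_GATEWAY = ipaddress.ip_address("10.10.0.5")          # assumed NGFW address

CLIENT_RE = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3})\s*$")

def classify(addr: str) -> str:
    """Say what a logged client address tells us about the real origin."""
    ip = ipaddress.ip_address(addr)
    if ip == VPN_GATEWAY:
        return "gateway"      # NAT on the tunnel: the remote client is hidden
    if ip in MAIN_OFFICE_NET:
        return "main-office"
    o = ip.packed
    # Remote sites hand out 10.x.0.100-200 for DHCP leases, per the post
    if o[0] == 10 and o[2] == 0 and 100 <= o[3] <= 200:
        return f"remote-site-10.{o[1]}"
    return "other"

def attribution_report(log_text: str) -> dict:
    """Count log entries per origin class."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            counts[classify(m.group(1))] += 1
    return dict(counts)

def hidden_fraction(report: dict) -> float:
    """Share of entries whose real source is masked behind the gateway."""
    total = sum(report.values())
    return report.get("gateway", 0) / total if total else 0.0

if __name__ == "__main__":
    rep = attribution_report(SAMPLE_LOG)
    print(rep)
    print(f"{hidden_fraction(rep):.0%} of entries cannot be tied to a host")
```

A high gateway share on logs that should contain remote-site traffic confirms that the tunnel is translating source addresses; once the tunnel routes the 10.x.0.0 networks without NAT, those entries show the workstation addresses instead.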