@normic SNWL does not support OpenVPN as a client, you might consider connecting via SSL-VPN or IPsec.
If a client in your network needs to open an OpenVPN Connection you need to create a Firewall Access Rule for allowing the traffic, but it seems this is not what you're looking for.
If this does not point you in the right direction you might consider get in touch with a SonicWall Partner, because security related configurations should be done with care.
The KB-Article states "SSL VPN is one method of allowing remote users to connect to the SonicWall and access the internal network resources."
But I want it the other way round. I have a TZ570 and an OPNsense in our DC. And I want the TZ570 to act as a client and connect to the OPNsense (which is the SSL-VPN Server).
My "problem" here is, that the SNWL has three ISPs which do not all have fixed IPs, therefore I need the SNWL to start the VPN connection.
Michael@normic SNWL does not support any Client-Mode besides IPsec. I'am not sure if Tunnel Interfaces are supported in combination with OPNsense, but this would be the my preferred choice.
Answers
@normic SNWL does not support OpenVPN as a client, you might consider connecting via SSL-VPN or IPsec.
If a client in your network needs to open an OpenVPN Connection you need to create a Firewall Access Rule for allowing the traffic, but it seems this is not what you're looking for.
--Michael@BWC
Thanks, for your answer. That is the way I thought about, but I don't know how to configure the SNWL with the SSL-VPN options as a client.
Maybe it's quite easy, but I don't get it right now.
@normic you might search the Community, it's discussed a few times.
This KB-article helps as well:
If this does not point you in the right direction you might consider get in touch with a SonicWall Partner, because security related configurations should be done with care.
--Michael@BWC
Hi Michael,
thanks for the info, maybe I was a bit unclear.
The KB-Article states "SSL VPN is one method of allowing remote users to connect to the SonicWall and access the internal network resources."
But I want it the other way round. I have a TZ570 and an OPNsense in our DC. And I want the TZ570 to act as a client and connect to the OPNsense (which is the SSL-VPN Server).
My "problem" here is, that the SNWL has three ISPs which do not all have fixed IPs, therefore I need the SNWL to start the VPN connection.
I hope this makes it more clear.
Best, Michael ;-)
Michael@normic SNWL does not support any Client-Mode besides IPsec. I'am not sure if Tunnel Interfaces are supported in combination with OPNsense, but this would be the my preferred choice.
If VTI is not working you could use at least use Site-to-Site, failover might be a bit tricky.
--Michael@BWC
IPsec between SonicOS and OpnSense will be absolutely fine. Set it up with manual IKE IDs to handle the changing public IPs.