Netgate Discussion Forum

    OpenVPN to internal network NAT

      Sytec

      Hello all,
      I am seeing strange behavior after updating to release 2.5.2.

      The OpenVPN clients cannot connect to the SY-ASTERISK PBX because they are refused by the PBX security rules. Investigating the problem, I found that the OpenVPN clients reach the PBX with the IP of the internal LAN of the firewall (10.100.80.254) instead of the OpenVPN IP (192.168.190.X).
      How can I investigate this problem in depth?

      Thank you.

      This is a simplified network diagram
      [Image: simplified network diagram]

        viragomann @Sytec

        @sytec said in OpenVPN to internal network NAT:

        I found that the OpenVPN clients reach the PBX with the IP of the internal LAN of the firewall (10.100.80.254) instead of the OpenVPN IP (192.168.190.X).

        That is done by Firewall > NAT > Outbound NAT. There might be a rule for the LAN interface.

        If it's in automatic mode, pfSense only adds a rule when you set a gateway on the LAN, which should not be done unless there is a special reason.

          Sytec @viragomann

          @viragomann

          Thank you for your reply.

          The LAN interface gateway is empty and NAT is set to 'Manual Outbound NAT rule generation'.
          In any case, I found the problem: there was a NAT rule configured on a network interface group that included the LAN interface.

          I had checked the NAT configuration many times! 🤦

          Thank you very much!

          1 Reply Last reply Reply Quote 0
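
A rule attached to an interface group is easy to miss when reading the Outbound NAT list by eye, so the check can be scripted against a backup of config.xml. The following is an added example, not code from either poster or from pfSense. The element names follow the config.xml layout as an assumption, and the sample rules, the group name INTERNAL and the /24 prefix lengths are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample; element names are an assumption about the config.xml layout.
SAMPLE_CONFIG = """<pfsense>
  <ifgroups>
    <ifgroupentry><ifname>INTERNAL</ifname><members>lan opt1</members></ifgroupentry>
  </ifgroups>
  <nat><outbound>
    <mode>advanced</mode>
    <rule><interface>wan</interface><source><network>10.100.80.0/24</network></source>
      <descr>LAN to WAN</descr></rule>
    <rule><interface>INTERNAL</interface><source><network>any</network></source>
      <descr>Group rule</descr></rule>
    <rule><interface>lan</interface><source><network>192.168.190.0/24</network></source>
      <disabled/><descr>Old test rule</descr></rule>
  </outbound></nat>
</pfsense>"""

def rules_natting_vpn_on(config_xml, egress_if, vpn_net):
    """Return (descr, interface) for enabled outbound NAT rules that translate
    traffic from vpn_net when it leaves through egress_if."""
    root = ET.fromstring(config_xml)
    vpn = ipaddress.ip_network(vpn_net)
    # Map each interface group name to its member interfaces.
    groups = {g.findtext("ifname"): (g.findtext("members") or "").split()
              for g in root.iterfind("ifgroups/ifgroupentry")}
    hits = []
    for rule in root.iterfind("nat/outbound/rule"):
        if rule.find("disabled") is not None or rule.find("nonat") is not None:
            continue  # inactive rule, or an explicit "do not NAT" rule
        iface = rule.findtext("interface") or ""
        # A rule applies on egress_if directly or through a group containing it.
        if iface != egress_if and egress_if not in groups.get(iface, []):
            continue
        src = (rule.findtext("source/network") or "any").strip()
        if src != "any":
            try:
                if not vpn.subnet_of(ipaddress.ip_network(src, strict=False)):
                    continue
            except (ValueError, TypeError):
                continue  # alias or other non-CIDR source: not resolved here
        hits.append((rule.findtext("descr") or "", iface))
    return hits

if __name__ == "__main__":
    for descr, iface in rules_natting_vpn_on(SAMPLE_CONFIG, "lan", "192.168.190.0/24"):
        print(f"outbound NAT rule {descr!r} on {iface} rewrites VPN client sources")
```

Rules whose source is an alias are skipped rather than resolved, so those still need a manual look.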