NAT vpn if connection to a specific host.
-
I have a VPN Server configured on Pfsense so i can access my home when im out and it works perfect.
The problem I have is i have a machine on my network that i have limited control over, this VNC machine only allows access to it on its local subnet so i am not able to access it via VPN. The problem is when im out and about i can access my environment over VPN but i can not access this unless i RDP to another machine or something.
Is it possible to configure Pfsense to NAT the connection and use a local lan IP when NATing if i a connection from the VPN network is trying to access this machine.
I want to be able to configure a Pfsense to Nat the connect to the machine so the VNC machine thinks the traffic is coming from my local network and not my VPN network. the only port i really needed NAT'd is vnc port 5900
so here is what i am trying to achieve using info i found on other threads
Vpn network 10.99.8.0/24 ---> Nat traffic to 192.168.0.0/24 ---> VNC Machines 192.168.0.85I have tired a few different things but not really sure where to start.
Here was one attempt but it doesnt work. Im not sure in this case what type of NAT i should be using so any help will be appreciated.
[img]https://i.imgur.com/sG6HJEs.png[/img]
-
Perhaps you could try OpenVPN tap mode, which is essentially a bridge between the 2 sites.
-
@swansense said in NAT vpn if connection to a specific host.:
Is it possible to configure Pfsense to NAT the connection and use a local lan IP when NATing if i a connection from the VPN network is trying to access this machine.
Yeah you can do that, just create a outbound nat on the interface this device is on, lan I would assume. With destination to that specific IP source of your vpn tunnel network, using the lan address as the address.
This will make it look like to the device your coming from your pfsense lan IP vs the IP of the vpn client tunnel network IP.
If need be I could setup an example with my vpn showing you pictures..
edit: Here you go just did example anyway. So pfsense lan IP is 192.168.9.253, my tunnel network for vpn is 10.0.200/24 - so at first you can see my vpn client pinging host on my lan network 192.168.9.100 coming from 10.0.200.250..
I then created the outbound nat on the lan interface. Now the pings come from pfsense IP vs the vpn client IP.
You could get specific with the destination, for example I could of used specific 192.168.9.100/32 as the destination vs the whole network..
-
wow that was a lot easier than i expected.
thanks so much I literally spent days trying to figure this out and it worked without any issues.
Thanks again and happy holidays.
-
@swansense said in NAT vpn if connection to a specific host.:
Thanks again and happy holidays.
No problem - and a happy holidays to you as well..
