Netgate Discussion Forum

OpenVPN - masquerade traffic to access IPSec tunnel

  • A
    alberto788
    last edited by Apr 3, 2022, 12:05 PM

    Good morning everyone and thanks to those who will help me :D

    I have configured this scenario:

    pfSense 2.6.0
    LAN IP: 192.168.1.1/24
    WAN IP: 1.2.3.4
    OPENVPN SERVER IP: 10.0.200.1/24

    I had to create an IPSec VPN to one of our customers which accepts only traffic coming from our LAN subnet 192.168.1.1/24 (their internal rules).
    I need to make sure that users who connect via OpenVPN client to our network and then reach it with subnet 10.0.200.1/24 can reach the resources on the other end of the IPSec VPN.
    I was thinking to mask all the traffic from network 10.0.200.1/24 to IPSec so that it shows up with IP 192.168.1.254.

    I guess there is a need to configure an outbound NAT but I can't figure out how.
    Can you help me?
    Thank you very much!

    • V
      viragomann @alberto788
      last edited by Apr 3, 2022, 1:17 PM

      @alberto788
      The IPSec phase 2 BINAT / PAT is meant to do this.

      Add an additional p2. Enter the OpenVPN tunnel network into the Local Network box.

      Maybe you can limit the OpenVPN clients to a smaller subnet, so you can NAT the whole tunnel network to an unused segment of your LAN.
      Then you could select Network at NAT/BINAT translation and enter the translation network segment.

      Otherwise you have to use a single address for all OpenVPN clients. Then select Address and state it in the next right box.

      • A
        alberto788
        last edited by Apr 3, 2022, 2:23 PM

        Thank you for your response.
        I set the p2 to use a single address for NAT/BINAT translation and it works perfectly!
        Thank you!

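Added example, not part of the thread and not pfSense code: a planning check for the two phase 2 NAT/BINAT choices described in the reply above (Network versus Address), using the addresses from the first post. The /28 tunnel network, the 192.168.1.240/28 segment, the function names, and the assumption that a 1:1 network translation keeps the host part of each address are illustrative.

```python
import ipaddress

def plan_network_binat(tunnel_net, peer_accepted_net, in_use, segment):
    """Return ("network", {client: translated}) if a 1:1 translation of the
    OpenVPN tunnel network into `segment` is usable, else ("address", reason)."""
    tunnel = ipaddress.ip_network(tunnel_net, strict=False)
    accepted = ipaddress.ip_network(peer_accepted_net, strict=False)
    seg = ipaddress.ip_network(segment, strict=False)
    used = sorted(ipaddress.ip_address(a) for a in in_use)
    # A 1:1 translation needs source and translated networks of equal size.
    if seg.prefixlen != tunnel.prefixlen:
        return ("address", "segment and tunnel network differ in size")
    # The remote side only accepts sources inside the agreed local subnet.
    if not seg.subnet_of(accepted):
        return ("address", "segment is outside the subnet the peer accepts")
    # The segment must be unused on the LAN, or replies become ambiguous.
    clash = [a for a in used if a in seg]
    if clash:
        return ("address", f"segment contains in-use address {clash[0]}")
    # Assumption: host bits are preserved, so each client maps by fixed offset.
    offset = int(seg.network_address) - int(tunnel.network_address)
    return ("network", {str(h): str(h + offset) for h in tunnel.hosts()})

def single_address_ok(addr, peer_accepted_net, in_use):
    """Check the fallback: one free LAN address shared by all OpenVPN clients."""
    ip = ipaddress.ip_address(addr)
    accepted = ipaddress.ip_network(peer_accepted_net, strict=False)
    return ip in accepted and ip not in {ipaddress.ip_address(a) for a in in_use}

if __name__ == "__main__":
    lan, in_use = "192.168.1.1/24", ["192.168.1.1"]  # values from the first post
    # The full /24 tunnel network can only map onto the whole LAN, which is in use.
    print(plan_network_binat("10.0.200.1/24", lan, in_use, "192.168.1.0/24"))
    # Constructed alternative: tunnel shrunk to a /28, mapped to a free /28.
    kind, mapping = plan_network_binat("10.0.200.0/28", lan, in_use,
                                       "192.168.1.240/28")
    print(kind, mapping["10.0.200.2"])
    # The single address the original poster proposed.
    print(single_address_ok("192.168.1.254", lan, in_use))
```

With a single translation address the remote side sees every OpenVPN client as the same source, so per-user attribution has to come from the OpenVPN and firewall logs on the pfSense side.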
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.