Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN config - traffic not NATing

    Scheduled Pinned Locked Moved OpenVPN
    20 Posts 4 Posters 2.5k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      clazmania @viragomann
      last edited by

      @viragomann

      It is checked, but internet access breaks if I uncheck it. Leads me to believe I do have a NAT issue.

      V 1 Reply Last reply Reply Quote 0
      • V Offline
        viragomann @clazmania
        last edited by

        @clazmania
        Yes, then presumably you're missing the outbound NAT rule.

        Is the outbound NAT in automatic mode?
        I'd expect, that the required rule is generated automatically if it is.
        Otherwise you have to add it manually.

        C 1 Reply Last reply Reply Quote 1
        • C Offline
          clazmania @viragomann
          last edited by

          @viragomann

          I do not seem to have an auto generated rule.

          I need something like this?

          8f0645a6-e68e-465b-ae3a-9ce157986271-image.png

          V A 4 Replies Last reply Reply Quote 0
          • V Offline
            viragomann @clazmania
            last edited by

            @clazmania
            The source has to be your internal networks, e.g. "LAN subnets" and the translation address has to be the VPN clients address. pfSense might provide a variable for it in the drop-down. Otherwise you have to assign an interface to the VPN client instance to get it.

            A 1 Reply Last reply Reply Quote 1
            • A Offline
              Antibiotic @clazmania
              last edited by

              @clazmania
              807bbd76-1597-4a5b-b08d-b2196d66e59d-image.png

              C 1 Reply Last reply Reply Quote 1
              • A Offline
                Antibiotic @clazmania
                last edited by

                @clazmania
                73c34a4d-206b-48fb-a72c-6ca2ac680c1b-image.png

                C 1 Reply Last reply Reply Quote 1
                • C Offline
                  clazmania @Antibiotic
                  last edited by

                  @Antibiotic Thanks, I do have a similar config. The only difference is the dst port, guessing due to ISAKMP.

                  b5f6ea74-c2dc-4207-9db9-cc852b5176fa-image.png

                  1 Reply Last reply Reply Quote 0
                  • A Offline
                    Antibiotic @viragomann
                    last edited by

                    This post is deleted!
                    1 Reply Last reply Reply Quote 0
                    • A Offline
                      Antibiotic @clazmania
                      last edited by

                      @clazmania
                      72822101-208c-4da5-968f-fc981ac635f0-image.png

                      1 Reply Last reply Reply Quote 0
                      • C Offline
                        clazmania @Antibiotic
                        last edited by

                        @Antibiotic 43a0976b-ec89-44b6-ac29-5b38aaeb94b4-image.png

                        A V 3 Replies Last reply Reply Quote 0
                        • A Offline
                          Antibiotic @clazmania
                          last edited by

                          @clazmania Are you using IPSEC VPN?
                          Shoud be set VPN interface not a OpenVPN itself. IDK may by you called VPN interface as OpenVPN)))

                          C 1 Reply Last reply Reply Quote 1
                          • C Offline
                            clazmania @Antibiotic
                            last edited by

                            @Antibiotic I did call it OpenVPN and that may have been a mistake. Because I have an OPENVPN and OpenVPN and I think that is causing confusion for me. I guess I can remove the config and recreate with another name. Then revisit.

                            A 1 Reply Last reply Reply Quote 0
                            • A Offline
                              Antibiotic @clazmania
                              last edited by

                              @clazmania said in OpenVPN config - traffic not NATing:

                              @Antibiotic I did call it OpenVPN and that may have been a mistake. Because I have an OPENVPN and OpenVPN and I think that is causing confusion for me. I guess I can remove the config and recreate with another name. Then revisit.

                              Reply Quote
                              0

                              Ah ))) Good luck

                              1 Reply Last reply Reply Quote 0
                              • V Offline
                                viragomann @clazmania
                                last edited by

                                @clazmania
                                I don't assume, that you want to edtablish an IPSec through the OpenVPN provider. That's the only thing the ISAKMP rule is good for, however.

                                1 Reply Last reply Reply Quote 0
                                • A Offline
                                  Antibiotic @clazmania
                                  last edited by

                                  @clazmania ISAKMP only use for IPsec protocol , if you use openvpn protocol set as in my example

                                  C 1 Reply Last reply Reply Quote 0
                                  • C Offline
                                    clazmania @Antibiotic
                                    last edited by

                                    @Antibiotic I just wanted to follow up on this one. I found out the problem was that I had not changed the gateway for the firewall rule, which is listed in the advanced settings. After changing the gw, voila. Darn stupid mundane details...i swear.....

                                    Anyway, thank you for helping....

                                    1 Reply Last reply Reply Quote 1
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.