Anyway to implement DNAT and SNAT?

dparsons

What I need is a rule that looks like this:

TYPE  NET1                IFACE        NET2 
SNAT  192.168.1.0/24 vpn              10.10.11.0/24       
DNAT  10.10.11.0/24  vpn              192.168.1.0/24

This is to overcome a network duplication issue where the people VPNing into my network have the same subnet as my internal network.

cmb

Depends on the type of VPN. IPsec, no, not without a separate box to do NAT. OpenVPN yes.

dparsons

Yes I am using OpenVPN so that is certainly good news!  Do you happen to have a doc on how to achieve this?  While I have found information on google about doing this it almost always involves using iptables to set it up correctly.

Thanks!

cmb

Only place I know of it being covered is in the book. http://pfsense.org/book

In short, assign your OpenVPN interfaces, then do NAT on them like any other interface. That's partially covered on the doc site, check the OpenVPN category at doc.pfsense.org.

dparsons

Thanks!