Netgate Discussion Forum

    Client > pfsense WAN <nat> > Opt1 > OpenVPN client

    • B
      bachi
      last edited by

      Hello pfsense world. :)

      I have pfsense 1.2.3 as my internet gateway. I have WAN, LAN and OPT1 interfaces. OPT1 is for OpenVPN. When I forward a port in NAT pointing to a device which is sitting on the LAN network, pfsense works fine, and external clients can access resources on that device.

      Problem is, when I want to forward a port to an OpenVPN client, after applying settings, nothing happens.

      What am I doing wrong?

      Here is my NAT table:

      10.10.10.33 is the IP address of one OpenVPN client connected to the OpenVPN server.

      Thanks in advance

      • GruensFroeschliG
        GruensFroeschli
        last edited by

        Are you forcing all traffic of the client to go through the VPN tunnel?
        Unless you do, this is what is probably happening:

        • External user connects to your pfSense.
        • Packets are forwarded to your OpenVPN client.
        • Since the source is a public IP, and you're not forcing everything through the tunnel, the client answers directly via its default gateway.

        To solve this:

        • Force all traffic from the OpenVPN client into the tunnel (redir def1)
        • Source NAT on the pfSense so it seems to the OpenVPN client that the requests come from the pfSense and it answers correctly.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • B
          bachi
          last edited by

          @GruensFroeschli:

          Are you forcing all traffic of the client to go through the VPN tunnel?

          No.

          • External user connects to your pfSense.
          • Packets are forwarded to your OpenVPN client.
          • Since the source is a public IP, and you're not forcing everything through the tunnel, the client answers directly via its default gateway.

          It seems so, now I understand why it does not work, and thanks for that.

          • Source NAT on the pfSense so it seems to the OpenVPN client that the requests come from the pfSense and it answers correctly.

          How to do that? Firewall / NAT / Outbound? What should I do with the Automatic outbound rule? Leave it that way or change to manual? What to enter in outbound rules to make sure that my LAN subnet won't be cut off from the Internet?

          • GruensFroeschliG
            GruensFroeschli
            last edited by

            Enable manual outbound rule generation.

            By default there will be an auto-generated rule to NAT outbound traffic from the LAN to the WAN.
            You need to create a new rule with:
            interface: openVPN-interface
            source: any
            destination: server you NAT to

            • B
              bachi
              last edited by

              10x, I will try that and let you know if it works or not. :D

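The reply-path problem and both fixes from the answers above, modelled as a route lookup on the OpenVPN client. This is an added example, not part of the thread: only 10.10.10.33 comes from the original post, while the tunnel address 10.10.10.1, the external address 203.0.113.50 and both routing tables are assumptions.

```python
import ipaddress

# Only VPN_CLIENT is taken from the thread; the other addresses are constructed.
VPN_CLIENT = ipaddress.ip_address("10.10.10.33")
PFSENSE_TUN = ipaddress.ip_address("10.10.10.1")   # assumed pfSense tunnel address
EXTERNAL = ipaddress.ip_address("203.0.113.50")    # documentation-range external user

# Client routes without forcing traffic into the tunnel: only the VPN subnet
# goes through "tun", everything else leaves via the client's own ISP gateway.
SPLIT_TUNNEL = [("10.10.10.0/24", "tun"), ("0.0.0.0/0", "isp")]
# OpenVPN's "redirect-gateway def1" adds two /1 routes that override the default.
FULL_TUNNEL = SPLIT_TUNNEL + [("0.0.0.0/1", "tun"), ("128.0.0.0/1", "tun")]


def egress(routes, dst):
    """Longest-prefix match: interface on which a packet to dst leaves."""
    nets = [(ipaddress.ip_network(n), iface) for n, iface in routes]
    matches = [(net, iface) for net, iface in nets if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forwarded_connection(routes, source_nat):
    """Trace one port-forwarded connection arriving at the VPN client.

    Returns (source address the client sees, interface its reply uses,
    whether the reply gets back through pfSense).
    """
    # The port forward rewrites the destination to VPN_CLIENT. An outbound NAT
    # rule on the OpenVPN interface additionally rewrites the source address.
    seen_src = PFSENSE_TUN if source_nat else EXTERNAL
    reply_if = egress(routes, seen_src)
    # pfSense can only reverse its translation if the reply returns via the
    # tunnel; a reply sent out the ISP link never matches the original flow.
    return seen_src, reply_if, reply_if == "tun"


if __name__ == "__main__":
    cases = [("split tunnel, no source NAT", SPLIT_TUNNEL, False),
             ("split tunnel, source NAT", SPLIT_TUNNEL, True),
             ("redirect-gateway def1", FULL_TUNNEL, False)]
    for label, routes, snat in cases:
        src, iface, ok = forwarded_connection(routes, snat)
        print(f"{label:30} client sees {src}, replies via {iface}: "
              f"{'works' if ok else 'broken'}")
```

With source NAT the service on the client sees every forwarded connection as coming from the pfSense tunnel address, so its logs and any IP-based access rules no longer see the real remote address.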