Netgate Discussion Forum

Client > pfsense WAN <nat> > Opt1 > OpenVPN client

  • B
    bachi
    last edited by Apr 7, 2011, 8:44 AM

    Hello pfsense world. :)

    I have pfsense 1.2.3 as my internet gateway. I have WAN, LAN and OPT1 interfaces. OPT1 is for OpenVPN. When I forward a port in NAT pointing to a device which is sitting on the LAN network, pfsense works fine, and external clients can access resources on that device.

    The problem is, when I want to forward a port to an OpenVPN client, after applying settings, nothing happens.

    What am I doing wrong?

    Here is my NAT table:

    10.10.10.33 is the IP address of one OpenVPN client connected to the OpenVPN server.

    Thanks in advance

    • G
      GruensFroeschli
      last edited by Apr 7, 2011, 10:26 AM

      Are you forcing all traffic of the client to go through the VPN tunnel?
      Unless you do, this is what is probably happening:

      • An external user connects to your pfSense.
      • Packets are forwarded to your OpenVPN client.
      • Since the source is a public IP, and you're not forcing everything through the tunnel, the client answers directly via its default gateway.

      To solve this:

      • Force all traffic from the OpenVPN client into the tunnel (redir def1)
      • Source NAT on the pfSense so it seems to the OpenVPN client that the requests come from the pfSense and it answers correctly.

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

      • B
        bachi
        last edited by Apr 7, 2011, 10:41 AM

        @GruensFroeschli:

        Are you forcing all traffic of the client to go through the VPN tunnel?

        No.

        • An external user connects to your pfSense.
        • Packets are forwarded to your OpenVPN client.
        • Since the source is a public IP, and you're not forcing everything through the tunnel, the client answers directly via its default gateway.

        It seems so. Now I understand why it does not work, and thanks for that.

        • Source NAT on the pfSense so it seems to the OpenVPN client that the requests come from the pfSense and it answers correctly.

        How to do that? Firewall / NAT / Outbound? What should I do with the Automatic outbound rule? Leave it that way or change to manual? What should I enter in the outbound rules to make sure that my LAN subnet won't be cut off from the Internet?

        • G
          GruensFroeschli
          last edited by Apr 7, 2011, 11:02 AM

          Enable manual outbound rule generation.

          Per default there will be an auto-generated rule to NAT outbound traffic from the LAN to the WAN.
          You need to create a new rule with:
          interface: openVPN-interface
          source: any
          destination: server you NAT to

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
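
The reply-path reasoning in the answers above, as an added example that is not part of the original posts: a small Python model of the OpenVPN client's routing table, showing which interface its reply leaves on in each case. Only 10.10.10.33 comes from the thread; the external address, the pfSense tunnel address 10.10.10.1, the interface names and the function names are assumptions, and the forced-tunnel case models OpenVPN's `redirect-gateway def1` option.

```python
import ipaddress

# Constructed addresses; only 10.10.10.33 appears in the thread.
EXTERNAL = "203.0.113.50"    # external user (documentation range)
PFSENSE_TUN = "10.10.10.1"   # assumed pfSense address on the OpenVPN interface
VPN_CLIENT = "10.10.10.33"   # port-forward target from the thread


def egress(routes, dst):
    """Longest-prefix match: interface a packet to dst leaves on."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), iface) for net, iface in routes
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def client_routes(redirect_gateway=False):
    """Routing table of the VPN client: own ISP default route plus the tunnel subnet."""
    routes = [("0.0.0.0/0", "isp"), ("10.10.10.0/24", "tun")]
    if redirect_gateway:
        # redirect-gateway def1 adds two /1 routes that override the default route
        routes += [("0.0.0.0/1", "tun"), ("128.0.0.0/1", "tun")]
    return routes


def reply_path(source_nat=False, redirect_gateway=False):
    """Return (egress interface, whether the reply gets back to pfSense)."""
    # Source address the VPN client sees on the forwarded request:
    # the pfSense tunnel address if outbound NAT is applied on the
    # OpenVPN interface, otherwise the external user's public address.
    seen_src = PFSENSE_TUN if source_nat else EXTERNAL
    iface = egress(client_routes(redirect_gateway), seen_src)
    # Only a reply that returns through the tunnel hits pfSense's state
    # entry and is translated back to the WAN address the user connected to.
    return iface, iface == "tun"


if __name__ == "__main__":
    for nat, redir in [(False, False), (True, False), (False, True)]:
        print(f"source_nat={nat} redirect_gateway={redir} ->",
              reply_path(nat, redir))
```

In the first case the reply leaves via the client's own ISP with a source address the external user never contacted, which is why the forward appears to do nothing.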

          • B
            bachi
            last edited by Apr 7, 2011, 11:12 AM

            10x, I will try that and let you know if it works or not. :D
