Netgate Discussion Forum

    Manual outbound NAT of OpenVPN interface does not always work

      packet_herder

      I am currently testing pfsense's ability to maintain an OpenVPN client -> remote server connection and then to have it as its default gateway, with other machines on the LAN accessing the net through pfsense.

      In order for this to be usable, Manual Outbound NAT rule generation is enabled, and a rule has been created for the OpenVPN interface to translate packet source addresses to the OpenVPN interface address. With this, with a test machine on the same LAN as pfsense I can use the internet etc. However, in the OpenVPN server log, I can see the following errors about 3 times a minute:

      Sep 21 22:00:13 2011 us=994604 pfsense/<my public ip address>:10141 MULTI: bad source address from client [10.0.0.5], packet dropped
      

      Am I correct in thinking this should be impossible, as pfsense is instructed to rewrite the source address of all packets? 10.0.0.5 is the IP address of the test machine.

      pfsense: 2.0-RELEASE  (amd64) built on Tue Sep 13 17:05:32 EDT 2011.
      Running in: Virtual Box 4.1.2_Ubuntu r38459.

      Thanks for any help.
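
      One way to quantify the drops reported in the post above, as an added example that is not part of the original post: it parses OpenVPN server log lines in the format quoted there and counts, per minute, the dropped packets whose source lies in the client-side LAN. The 10.0.0.0/24 LAN prefix, the 203.0.113.7 peer address, the 192.168.56.20 source and every sample line except the message text of the first are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Matches the server-side message format quoted in the post.
DROP_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d \d{4}) us=\d+ "
    r"(?P<cn>[^/\s]+)/(?P<peer>\S+):\d+ "
    r"MULTI: bad source address from client \[(?P<src>[^\]]+)\], packet dropped"
)

def parse_drops(lines):
    """Yield (timestamp, client common name, dropped source IP) per matching line."""
    for line in lines:
        m = DROP_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S %Y")
            yield ts, m["cn"], ipaddress.ip_address(m["src"])

def drops_per_minute(lines, lan_net):
    """Count drops per (client, source, minute) for sources inside lan_net,
    i.e. packets that reached the server without source translation."""
    net = ipaddress.ip_network(lan_net)
    counts = Counter()
    for ts, cn, src in parse_drops(lines):
        if src in net:
            counts[(cn, str(src), ts.strftime("%Y-%m-%d %H:%M"))] += 1
    return counts

# Constructed sample log: peer address, extra timestamps and the last two
# lines are invented for this example.
SAMPLE_LOG = """\
Sep 21 22:00:13 2011 us=994604 pfsense/203.0.113.7:10141 MULTI: bad source address from client [10.0.0.5], packet dropped
Sep 21 22:00:31 2011 us=120455 pfsense/203.0.113.7:10141 MULTI: bad source address from client [10.0.0.5], packet dropped
Sep 21 22:00:52 2011 us=530112 pfsense/203.0.113.7:10141 MULTI: bad source address from client [10.0.0.5], packet dropped
Sep 21 22:01:13 2011 us=871009 pfsense/203.0.113.7:10141 MULTI: bad source address from client [10.0.0.5], packet dropped
Sep 21 22:01:20 2011 us=100200 pfsense/203.0.113.7:10141 MULTI: bad source address from client [192.168.56.20], packet dropped
Sep 21 22:01:25 2011 us=300400 constructed unrelated log line
""".splitlines()

if __name__ == "__main__":
    report = drops_per_minute(SAMPLE_LOG, "10.0.0.0/24")
    for (cn, src, minute), n in sorted(report.items()):
        print(f"{minute} client={cn} un-NATed src={src} drops={n}")
```
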
