pfSense using a road warrior certificate
Hi all,
I'm trying to connect my pfSense to the office and I'm finding a little problem, hopefully someone can point me in the right direction.
I've been using a VM whose sole role is to provide the link into the office and rewrite packets. I added a route for the LAN subnets to my pfSense and pointed it to the VM as its gateway. Anything bound for an IP on the work LAN is transparently rerouted without problems:
- Home LAN <-> pfSense (Lan gateway) <-> Home VM (vpn gateway) <-> VPN Server at work (on the lan) <-> Work LAN (/20 subnet)
- 192.168.0.x (/24) <-> 10.11.12.x (/20)
To cut out the middle man, and to reduce the number of VMs on my home LAN, I put my road warrior certificates onto my firewall and it connected first time. It received the correct IP address in the vpn range, and all was happy. I checked the VPN server in the office and everything is connecting great guns.
Now, if I ping the IP address given to my firewall (based on the office LAN subnet), it replies. Great! If I try and ping anything at the other end of the tunnel, it doesn't. Not so great. The logs in the office VPN server show:
May 7 13:02:48 openvpn openvpnserver[16710]: SvenHome/88.96.xxx.xx:26320 MULTI: bad source address from client [192.168.0.151], packet dropped
Which is why I'm not getting a reply.
It appears that the OpenVPN service on my side isn't rewriting the packets. This is what I'd found when making the VM to do the same job, and so I had to add a couple of iptables rules to work around it. In essence, NAT'ing my LAN through the gateway.
How can I do the same type of thing on this VPN connection? Is it even possible?
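As an added diagnostic example (not part of the original post, and not pfSense or OpenVPN code): a small script that parses the server's "bad source address" lines in the format quoted above and summarises, per client, which unmasked LAN addresses the server is dropping and the single prefix that covers them. The log lines are constructed from that format; the client name and addresses are assumed.

```python
import ipaddress
import re

# Constructed sample lines in the format the office OpenVPN server logged above.
SAMPLE_LOGS = [
    "May 7 13:02:48 openvpn openvpnserver[16710]: SvenHome/88.96.xxx.xx:26320 "
    "MULTI: bad source address from client [192.168.0.151], packet dropped",
    "May 7 13:02:49 openvpn openvpnserver[16710]: SvenHome/88.96.xxx.xx:26320 "
    "MULTI: bad source address from client [192.168.0.20], packet dropped",
    "May 7 13:02:50 openvpn openvpnserver[16710]: SvenHome/88.96.xxx.xx:26320 "
    "MULTI: Learn: 10.11.12.6 -> SvenHome/88.96.xxx.xx:26320",
]

# Matches "<CN>/<peer> MULTI: bad source address from client [<src>], packet dropped".
BAD_SRC_RE = re.compile(
    r"(?P<cn>[^\s/]+)/(?P<peer>\S+) MULTI: bad source address from client "
    r"\[(?P<src>\d+\.\d+\.\d+\.\d+)\], packet dropped"
)

def parse_bad_source(line):
    """Return (common name, peer, source IP) for a 'bad source address' line, else None."""
    m = BAD_SRC_RE.search(line)
    if m is None:
        return None
    return m.group("cn"), m.group("peer"), m.group("src")

def smallest_covering_network(addresses):
    """Smallest single prefix containing every address (each starts as a /32)."""
    nets = [ipaddress.ip_network(a) for a in addresses]
    while len(set(nets)) > 1:
        nets = [n.supernet() for n in nets]  # widen all by one bit until they agree
    return nets[0]

def summarise_drops(lines):
    """Per client CN: the unmasked source IPs the server dropped and the prefix covering them."""
    by_cn = {}
    for line in lines:
        parsed = parse_bad_source(line)
        if parsed is None:
            continue  # not a drop line (e.g. a MULTI: Learn entry)
        cn, _peer, src = parsed
        by_cn.setdefault(cn, [])
        if src not in by_cn[cn]:
            by_cn[cn].append(src)
    return {cn: {"dropped": srcs, "covering": str(smallest_covering_network(srcs))}
            for cn, srcs in by_cn.items()}

if __name__ == "__main__":
    for cn, info in summarise_drops(SAMPLE_LOGS).items():
        print(f"{cn}: {len(info['dropped'])} dropped source(s), all within {info['covering']}")
```

Run against the real server log, the covering prefix shows which home LAN is reaching the tunnel without being masqueraded behind the client's VPN address.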