Interesting situation – need to route all local traffic through remote pfSense
-
You can tell pfsense to use openvpn as the outbound interface for a particular LAN interface by configuring that in firewall > NAT Manual outbound NAT. Just be sure to add a virtual interface for openvpn (I'd use openvpn).
So, as an example, if everything on OPT5 was on 192.168.201.0/24 and you wanted anyone on opt5 to get internet through your pfsense/openvpn server in the datacenter, you would put that into your manual outbound NAT on the client pfsense and select your openvpn interface instead of WAN in manual outbound NAT.
-
Firewall rules can direct traffic in this case, or can set a default route across the VPN.
You can tell pfsense to use openvpn as the outbound interface for a particular LAN interface by configuring that in firewall > NAT Manual outbound NAT.
No, NAT strictly defines translation, not where traffic goes.
-
Yeah - it does work.
If an openvpn client interface is selected on manual outbound NAT, that interface is where all the outbound traffic that meets the criteria stipulated will exit.
I'm sure you know lots more than me, but you can't tell me that something that has been working for me for a long time doesn't work. I know it does because it's working for me now. Not theory.
However, I agree that doing it in firewall rules also works.
-
But why NAT VPN traffic between distinct private LANs?
-
What this guy is asking for isn't actually uncommon at all if I'm understanding correctly.
There is a site A and a site B
He wants all internet bound traffic from a particular interface on site B to go out over vpn to a server at site A.
Seems simple enough. Anyway - Will be interesting to see what he works out.
-
Hi,
Sorry my diagram is somewhat incorrect and my original phrasing of the question is quite poor.
Here's what I want – I want to route all traffic coming into OPT3 at the office sent to the datacentre, then out the datacentre's internet connection.
I would have thought this is a fairly typical configuration. I've found guides on how to send ALL traffic from the pfSense through the IPSEC tunnel, but no guide on how to funnel traffic out a single interface through an IPSEC tunnel.
I'd rather not use OpenVPN because all our Site to Site VPNs are established using IPSEC. But if it so happens that IPSEC cannot accomplish what I want, I will use OpenVPN.
Can someone answer the million dollar question: 192.168.254.0/24 at Site A; 192.168.253.0/24 at Site B; IPSEC tunnel established between the two. Now, I need to send traffic from 192.168.254.0/24 at Site A through the IPSEC tunnel to Site B, then NAT it out the WAN connection of Site B.
I hope that explains it!
-
Why don't you just have both "sharing clients" connect directly to the office pfsense directly via openvpn for internet sharing?
-
Because I am trying to provide internet access to an entire business (so devices like their printers etc can get internet access), not a VPN system.
-
Yeah - it does work.
If an openvpn client interface is selected on manual outbound NAT, that interface is where all the outbound traffic that meets the criteria stipulated will exit.
No, it doesn't. NAT only defines translation, the system routing table and/or policy routing rules tell traffic where to go. You have a route or rule that's directing the traffic out of the VPN.
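The split between translation and routing discussed in this thread, written out in pf syntax (pf is the packet filter pfSense uses). This is an added example, not a configuration posted by anyone in the thread; the interface names `igb3` and `ovpnc1` and the gateway `10.8.0.1` are hypothetical, and the subnet is the OPT5 example from the first reply.

```conf
# Added illustration, not taken from the thread.
# Hypothetical values: igb3 (OPT5 NIC), ovpnc1 (OpenVPN client interface),
# 10.8.0.1 (gateway on the far end of the tunnel).
opt5_if  = "igb3"
vpn_if   = "ovpnc1"
vpn_gw   = "10.8.0.1"
opt5_net = "192.168.201.0/24"    # OPT5 subnet from the example above

# Translation only. "nat on $vpn_if" is evaluated for packets that are
# already leaving through $vpn_if; it rewrites the source address and
# has no say in which interface the packet uses.
nat on $vpn_if inet from $opt5_net to any -> ($vpn_if)

# Egress selection. This policy-routing rule (a firewall rule with a
# gateway set) is what steers OPT5 traffic into the tunnel. A route in
# the system routing table pointing at the VPN has the same effect.
pass in quick on $opt5_if route-to ($vpn_if $vpn_gw) inet \
    from $opt5_net to any keep state

# With neither this rule nor a matching route via the VPN, OPT5 traffic
# follows the default route out of WAN and the nat rule above never
# matches, because no OPT5 packet ever exits on $vpn_if.
```

To see which mechanism is steering traffic on a given box, compare the routing table (`netstat -rn`) with the loaded rules (`pfctl -sr` and `pfctl -sn`).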
-
If the vpn server is configured correctly and the client, routes exist.
If the interface associated with the vpn client is configured in outbound NAT to be used with a certain subnet, that's where the traffic will go.
Seems simple to me.