Force using IP of interface
-
Hello.
The hosts in my network use another gateway than pfSense. For OpenVPN I use pfSense. The connection works, but I have this problem:
- If interface 2 obtains its IP address over DHCP (10.0.0.7), I can ping the hosts on interface 2, because the source IP of the packets is replaced with 10.0.0.7 (the address of the interface).
- If I configure a static IP on the interface (again 10.0.0.7), the packets arriving over OpenVPN keep the source IP of the tunnel. The ping request reaches the correct host, but this host sends the reply to its default gateway (which is not pfSense), because the tunnel IP is not in the range 10.0.0.0.
How can I force pfSense to replace the tunnel IP with the static IP of the interface?
Thanks
-
So can you draw this up so everyone is clear on what you're doing? You're wanting road warriors to come into the pfSense OpenVPN server, but your clients behind pfSense don't use pfSense as their gateway.
You would have to create a route on the hosts so that, when talking to the IPs your road warrior clients would get, they talk to pfSense.
Or are you talking about routing traffic from your machines behind pfSense to use a VPN going to some specific IPs? Like a VPN for your P2P traffic?
The easy solution here is to make pfSense the default gateway for your clients and have pfSense have your internet connection(s) and your VPN connections, etc.
-
Hello. Here is a picture of the situation.
The remote location connects to pfSense and wants to communicate with the LAN.
With DHCP on the "problem interface" everything works fine: pfSense replaces the source IP 10.10.10.10 with 10.0.0.7, the host sends the response back to 10.0.0.7 and pfSense to 10.10.10.10. Everything fine.
On a static IP, pfSense keeps the source IP 10.10.10.10. The request reaches the host correctly, the host sends the response to 10.10.10.10, but this packet obviously is sent to the default gateway, which is not pfSense.
The default gateway and the internet connection on pfSense are from two different providers. The LAN should generally use provider 2; provider 1 is only for the VPN and a few special hosts inside the LAN, where the default gateway is set manually to 10.0.0.7 (pfSense).
-
Just put both providers on pfSense, then pfSense is the gateway and you're good to go.
-
The third port on pfSense is occupied with another LAN…
-
The interesting thing is that it works with DHCP. But then pfSense doesn't forward traffic coming in on that interface to the provider router…
With a static IP I have the OpenVPN problem and pfSense forwards the traffic.
Therefore I would force the IP replacement of the OpenVPN packets.
-
I have solved the problem:
- DHCP client on the LAN interface (=> OpenVPN works)
- Set Firewall > NAT > Outbound to hybrid and add two mappings for the 10.0.0.0 LAN (interfaces LAN and WAN) (=> gateway for LAN works)
-
What?
So you set the pfSense LAN interface to be DHCP?
Dude, get another NIC for your pfSense box.. Another NIC is a lot cheaper than running another router..
So your clients are talking to your gateway that then sends it to the pfSense LAN.. And if you set DHCP on the LAN interface and it gets a gateway, it's now a WAN interface.. Sounds like you have a MESS
You can hairpin it by putting a route on your 2nd router for the 10.10.10 network your remote VPN clients get, pointing to the 10.0.0.7 IP of pfSense. Or you could create host routes on your LAN clients that say "hey, 10.10.10 talks to pfSense at 10.0.0.7, not your default gateway."
Best solution is to just use pfSense as your gateway to either the internet or your VPN clients.
-
You just need to create an outbound NAT rule which translates the source IP of packets leaving pfSense on your "problem interface" to the interface address. This solution works no matter whether DHCP is on or not.
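What that outbound NAT rule amounts to, written out in pf syntax as an added illustration (not taken from the thread and not pfSense's own generated ruleset). The interface name em1, the /24 masks and the tunnel network 10.10.10.0/24 are assumptions; the addresses 10.10.10.10 and 10.0.0.7 come from the thread:

```pf
# Assumed names: em1 is the "problem interface" facing the 10.0.0.0/24 LAN,
# 10.10.10.0/24 is the OpenVPN tunnel network (the thread shows client 10.10.10.10).
lan_if = "em1"
vpn_net = "10.10.10.0/24"
lan_net = "10.0.0.0/24"

# Translate the source of VPN traffic leaving em1 to em1's own address.
# "(em1)" is pf's interface-address syntax: it resolves to whatever address
# the interface currently holds (10.0.0.7 here), so the rule keeps working
# whether that address was assigned statically or by DHCP.
# This is the pf equivalent of a pfSense outbound NAT mapping with
# Interface = LAN, Source = tunnel network, Translation = Interface Address.
nat on $lan_if inet from $vpn_net to $lan_net -> ($lan_if)
```

Because the LAN hosts now see 10.0.0.7 as the source, their replies stay on the local subnet and never need to reach the non-pfSense default gateway; check the result with Diagnostics > States, where the translated source should show as 10.0.0.7.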