Netgate Discussion Forum

    OpenVPN P2P NAT problem

    • zubziro

      Hi,

      My pfSense 2.4.4 is connected as a client to a remote OpenVPN server in Peer to Peer mode.

      Remote server IP 10.8.0.1, pfSense client IP 10.8.0.2.
      I need to access the remote server's SSH. It is working fine when I first SSH to the pfSense console and do: ssh 10.8.0.1.

      I'm trying to set up NAT for pfSense 192.168.1.6 (pfSense LAN IP):33022 to 10.8.0.1:22. After 2 days of trying countless combinations, still no luck.

      Any help is appreciated.

      /Thanks

      • Rico LAYER 8 Rebel Alliance

        You have overlapping Subnets or why do you want to use NAT?
        Just add or push the route from the server-side subnet to your client pfSense, get firewall rules in place and that's it.

        -Rico

        • Derelict LAYER 8 Netgate

          You are not guaranteed to be able to do anything with a destination of an OpenVPN tunnel address. ssh to the LAN address on the other side instead.

          Add the other side's LAN as a Remote Network (and vice versa on the other side).
          Be sure the other side's OpenVPN firewall rules pass the ssh traffic.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • zubziro @Derelict

            @derelict said in OpenVPN P2P NAT problem:

            You are not guaranteed to be able to do anything with a destination of an OpenVPN tunnel address. ssh to the LAN address on the other side instead.

            Add the other side's LAN as a Remote Network (and vice versa on the other side)
            Be sure the other side's OpenVPN firewall rules pass the ssh traffic.

            Hi, thanks for the answers. Not the one I hoped for though.
            It's the same subnet on both sides :-( A lot of work to move, as many devices have static IPs. But I guess if it's the only solution then it has to be done.

            (Still strange I can't NAT to the remote VPN IP because I can reach it from the pfSense console)

            Thanks!

            • Derelict LAYER 8 Netgate

              Well, can you SSH to the tunnel address from the other side? Meaning from the other side's LAN to the other side's tunnel address?

              If so, that means sshd is listening on and can receive connections on that address so it should work.

              You would want to assign an interface to the OpenVPN instance on the connecting side and set up outbound NAT on OpenVPN for the proper sources to the ssh on the other side.

              I don't see any reason that should not work if sshd can receive connections there as described above.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)
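
The port forward zubziro asked for, combined with the outbound NAT on the OpenVPN interface that Derelict describes, written as a pf.conf fragment. This is an added example, not part of the thread and not rules generated by pfSense. The interface names em1 and ovpnc1, the macro names and the LAN subnet 192.168.1.0/24 are assumptions; the thread gives only the addresses 192.168.1.6, 10.8.0.1 and 10.8.0.2 and the ports 33022 and 22.

```pf
# Added sketch (pf.conf syntax). Interface names, macro names and the LAN
# subnet are assumptions; addresses and ports are the ones from the thread.
lan_if   = "em1"              # assumed LAN interface
ovpn_if  = "ovpnc1"           # assumed name of the assigned OpenVPN client interface
lan_net  = "192.168.1.0/24"   # assumed LAN subnet (thread gives only 192.168.1.6)
lan_ip   = "192.168.1.6"      # pfSense LAN address
tun_self = "10.8.0.2"         # pfSense end of the tunnel
tun_peer = "10.8.0.1"         # remote OpenVPN server, sshd on port 22

# Outbound NAT on the OpenVPN interface: LAN clients leave through the tunnel
# with the tunnel address as source. Without it the server sees a source in
# the LAN subnet, which the thread says is the same subnet on the remote side,
# so the reply is not sent back through the tunnel. From the pfSense console
# the source is already 10.8.0.2, which is why ssh works from there.
nat on $ovpn_if inet proto tcp from $lan_net to $tun_peer port 22 -> $tun_self

# Port forward: pfSense LAN address, port 33022, to sshd on the tunnel peer.
# Source address and source port are left open.
rdr on $lan_if inet proto tcp from any to $lan_ip port 33022 -> $tun_peer port 22

# Filter rule for the forwarded connection. rdr is applied before filtering,
# so the rule matches the translated destination, not 192.168.1.6:33022.
pass in quick on $lan_if inet proto tcp from $lan_net to $tun_peer port 22 keep state
```

In the pfSense GUI these correspond to a rule under Firewall > NAT > Outbound on the assigned OpenVPN interface and a rule under Firewall > NAT > Port Forward on LAN.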
