NAT through VPN to remote site
-
Hi
I am trying to do the following:
NAT to RDP works / Lan 10.46.127.10/24
Ext Client (WAN) -> (IP_ext) FW
\ S2S(PreShared-172.31.254.0/24) <-> TerminalServer(10.45.127.10/26)
But NAT directly to 10.45.127.10 does not work.
I can see the NAT is used but I cannot see the traffic going anywhere.
How do I direct it down through the OpenVPN S2S over to the TerminalServer?
From the LAN everything works but not from the NAT.
Regards
Henning
-
@hsv Can you elaborate what exactly you mean by "from the nat"?
A proper network diagram could also help understand the question.
-
Why are you using NAT on a VPN?
-
Hi @netblues
Thanks for helping.
I have made two NATs on the FW:
NAT Rule 1) on WAN interface: WAN IP1 to 10.46.127.10/24 for RDP
NAT Rule 2) on WAN interface: WAN IP2 to 10.45.127.10/26 for RDP
NAT Rule 1 works.
NAT Rule 2 does not work as I cannot get the NAT traffic to go down the OpenVPN tunnel.
I will gladly make a drawing but how do I upload it to this forum?
Pub_IP1\ /LAN
WAN FW1
Pub_IP2/ \S2S_VPN <-> FW2 <->TS
Both FW1 and FW2 are pfsense 2.4.4p3
S2S_VPN is a PreShared with
FW1_S2Svpn: ip 172.31.254.1/24
FW2: S2Svpn: ip 172.31.254.2/24
Regards
Henning
-
If you are trying to port forward in from WAN across OpenVPN to a host there you must:
- Assign an interface to the OpenVPN instance on the target server side
- Be sure that the incoming connection there is NOT passed by a rule on the OpenVPN tab but IS passed by a rule on the assigned interface tab. This will get you reply-to there and the reply traffic will be routed back through the tunnel.
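
A simplified model of the reply path described in the answer above, added here as an illustration (not code from the thread or from pfSense). The rule-order model, FW2's routing table and the 198.51.100.7 client address are assumptions; the tunnel and LAN addresses come from the thread.

```python
import ipaddress

# Constructed sample addresses: 198.51.100.7 (documentation range) stands in
# for the external RDP client; 10.46.127.20 is a hypothetical host on FW1's LAN.
CLIENT = ipaddress.ip_address("198.51.100.7")
LAN_HOST = ipaddress.ip_address("10.46.127.20")
TUNNEL = "ovpn via 172.31.254.1"   # FW1 end of the S2S tunnel (from the thread)

ANY = ipaddress.ip_network("0.0.0.0/0")
LAN1 = ipaddress.ip_network("10.46.127.0/24")

# Assumed FW2 routing table: only FW1's LAN is routed into the tunnel.
FW2_ROUTES = [(LAN1, TUNNEL), (ANY, "wan default gateway")]

def route_lookup(dst):
    """Longest-prefix match over FW2's routing table."""
    matches = [(net, hop) for net, hop in FW2_ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def fw2_reply_path(src, group_tab_rules, assigned_if_rules):
    """Path FW2 uses for the terminal server's reply to `src`.

    Model: rules on the OpenVPN (group) tab are evaluated before the
    assigned-interface tab, the first match wins, and only a match on the
    assigned interface records reply-to in the state.
    """
    if any(src in net for net in group_tab_rules):
        return route_lookup(src)   # no reply-to: the routing table decides
    if any(src in net for net in assigned_if_rules):
        return TUNNEL              # reply-to sends the reply back into the tunnel
    return "blocked inbound"

if __name__ == "__main__":
    cases = [
        ("LAN host, pass-any on OpenVPN tab", LAN_HOST, [ANY], []),
        ("WAN client, pass-any on OpenVPN tab", CLIENT, [ANY], [ANY]),
        ("WAN client, OpenVPN tab limited to LAN1", CLIENT, [LAN1], [ANY]),
    ]
    for label, src, group, assigned in cases:
        print(f"{label}: reply leaves FW2 via {fw2_reply_path(src, group, assigned)}")
```

The second case is the symptom in the thread: the forwarded connection reaches the terminal server, but the reply follows FW2's default route instead of returning through FW1, where the NAT state lives.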