Netgate Discussion Forum

    OpenVPN NAT to LAN (internal ip)

      chrisjmuk

      Hello.

      This is driving me insane. I have OpenVPN installed with a tunnel, and I am currently just testing a full gateway so it will show the public IP of the pfSense (which is a LAN/public IP).

      But when I connect to a LAN IP, which in this instance is actually a public WAN IP as it's publicly accessible, I get my OpenVPN internal IP showing 10.0.80.0/24 as connected and not my external OpenVPN IP.

      Is there a rule I need for the NAT to force all connections to the external IP, no matter if it's internal or not?

      I have tried push routes and so on, but it makes no difference.

        KOM

        I'm a little confused here. When you connect to an OpenVPN server, it assigns you a virtual IP in the same subnet that you defined as the tunnel network. Your assigned OpenVPN IP address should not change based on which interface you connect from. Maybe I'm not understanding your problem.

          chrisjmuk

          Sorry, so for example:

          So the LAN on our internal is, let's say, 55.66.77.0/24.

          Our OpenVPN external runs on a CARP IP for HA of 55.66.77.254.

          Our internal OpenVPN is 10.0.90.0/24.

          When I see what my IP is in a browser, I'm given 55.66.77.254, which is correct and what I want.

          When I connect to the VPN and go to a server on the 55.66.77.0/24, it shows the 10.0.90.0/24 connected instead of the public IP 55.66.77.254.

          My NAT is:

          Interface: WAN
          Source Network: 10.0.90.0/24
          Translation Address: 55.66.77.254

            KOM

            @chrisjmuk said in OpenVPN NAT to LAN (internal ip):

            When I see what my IP is in a browser

            You mean one of those "What is my IP address?" websites?

              chrisjmuk

              Yes.

              I now have it working; I needed to do from LAN to the translation on the NAT under the WAN NAT Rules.

              Another issue now: when I disable "Force all client-generated IPv4 traffic through the tunnel." in the OpenVPN settings to only allow the VPN to access 55.66.77.0/24, it won't work.

              I have tried doing a push and setting the gateway and also the "IPv4 Local network(s)".

              But it just doesn't want to ping when connected to the VPN and I don't know why; it just seems very strange.

                johnpoz LAYER 8 Global Moderator

                @chrisjmuk said in OpenVPN NAT to LAN (internal ip):

                I now have it working; I needed to do from LAN to the translation on the NAT under the WAN NAT Rules.

                huh?

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                  KOM

                  Yeah I didn't quite understand that either but he seems to have gotten the result he wanted.

                    johnpoz LAYER 8 Global Moderator

                    Have no freaking idea what he is doing - seems like he wants to source NAT his VPN users? Just at a loss as to why you'd want to do that - just love not knowing what VPN client is connecting to your server ;)

                    Firewall rule on the dest device? It has no gateway - or different gateway would be the only reasons I could think of wanting to source NAT.

                    If it was using a different default gateway, you could just host route on the device.

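A simplified model of the behaviour discussed in this thread, added here as an example and not written by any of the posters or taken from pfSense: outbound NAT rules are matched on the interface a packet leaves through, so a WAN-only rule leaves tunnel traffic to the LAN subnet untranslated, and a rule that does translate it makes every VPN client look like the same address to the server. The interface names, the two-route table and the individual client and server host addresses are assumptions.

```python
"""Toy model of outbound (source) NAT matching; not pfSense code."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

# Networks and the CARP address are the ones quoted in the thread.
LAN_NET = ip_network("55.66.77.0/24")
TUNNEL_NET = ip_network("10.0.90.0/24")
CARP_VIP = ip_address("55.66.77.254")


@dataclass(frozen=True)
class NatRule:
    interface: str            # egress interface the rule is attached to
    source: IPv4Network       # packet source must fall inside this network
    translation: IPv4Address  # address written into the source field


def egress_interface(dest):
    """Pick the exit interface (assumed two-route table: LAN or default WAN)."""
    return "LAN" if ip_address(dest) in LAN_NET else "WAN"


def seen_source(client, dest, rules):
    """Return the source address the destination host will log."""
    src = ip_address(client)
    out_if = egress_interface(dest)
    for rule in rules:  # first matching rule wins
        if rule.interface == out_if and src in rule.source:
            return rule.translation
    return src  # no rule on this interface: routed untranslated


def distinct_sources(clients, dest, rules):
    """Count how many different source addresses a server sees."""
    return len({seen_source(c, dest, rules) for c in clients})


WAN_ONLY = [NatRule("WAN", TUNNEL_NET, CARP_VIP)]
WAN_AND_LAN = WAN_ONLY + [NatRule("LAN", TUNNEL_NET, CARP_VIP)]

if __name__ == "__main__":
    clients = ["10.0.90.2", "10.0.90.3"]  # constructed tunnel addresses
    server = "55.66.77.10"                # constructed LAN server address
    print("internet, WAN rule only:", seen_source(clients[0], "203.0.113.5", WAN_ONLY))
    print("LAN server, WAN rule only:", seen_source(clients[0], server, WAN_ONLY))
    print("LAN server, LAN rule added:", seen_source(clients[0], server, WAN_AND_LAN))
    print("distinct clients visible:", distinct_sources(clients, server, WAN_AND_LAN))
```

With the LAN rule in place the server's own logs can no longer tell VPN clients apart, so attribution has to come from the OpenVPN and firewall state logs on the pfSense side.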
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.