Netgate Discussion Forum

    need to change ip address after openvpn

    9 Posts 2 Posters 583 Views
      wilfrid

      Hi guys,

      I have a pfSense with an OpenVPN server for routing to an external subnet.
      The transfer net is 192.168.88.0, the external network is 192.168.49.0 and my LAN behind the pfSense is 192.168.0.0

      Now a client from the second network (e.g. 192.168.49.101) will make a request to 192.168.0.25;
      this client (the 192.168.0.25) only allows clients from the local addresses.
      How can I translate my external address 192.168.49.101 to 192.168.0.101?

      I have tried to make a 1:1 NAT, but there was no result ...

      Any ideas?

      Thank you

        viragomann @wilfrid

        @wilfrid
        You can do this with outbound NAT on pfSense.

        Switch to the hybrid operation mode first and save it.
        Then add a new rule:
        interface: LAN
        source: the external network
        dest: 192.168.0.25
        translation: interface address

          wilfrid @viragomann

          @viragomann: It doesn't work like that, I don't need all traffic to the new address.

          I need the client from the second network, e.g. 192.168.49.101, to have the client address 192.168.0.101 for all traffic in the first network,
          like a local client ....

            viragomann @wilfrid

            @wilfrid said in need to change ip address after openvpn:

            It doesn't work like that, I don't need all traffic to the new address.

            This does not apply to the whole traffic, it only applies to what you enter at source and destination.

            I need the client from the second network, e.g. 192.168.49.101, to have the client address 192.168.0.101 for all traffic in the first network,
            like a local client ....

            What is the difference between the interface address and any other IP in the local range for this purpose?

            If you want to access the server using 192.168.0.101 for whatever reason, add this IP to the LAN interface as "IP Alias" and then select it in the outbound NAT rule at translation address.

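The scoping described in the answer above, as an added example that is not part of the thread and is not pfSense code: a small model of how an outbound NAT rule decides which packets get a new source address. The LAN interface address `192.168.0.1` and the names `OutboundNatRule` and `source_on_wire` are assumptions made for the illustration.

```python
"""Constructed model of an outbound NAT rule match (illustration only)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class OutboundNatRule:
    interface: str    # interface the packet leaves through
    source: str       # source network to match (CIDR)
    destination: str  # destination host or network to match (CIDR)
    translation: str  # address that replaces the original source


def source_on_wire(rules, out_if, src, dst):
    """Return the source address the destination sees after out_if.

    The first matching rule wins; a packet that matches no rule keeps
    its original source address.
    """
    for rule in rules:
        if (rule.interface == out_if
                and ip_address(src) in ip_network(rule.source)
                and ip_address(dst) in ip_network(rule.destination)):
            return rule.translation
    return src


LAN_ADDRESS = "192.168.0.1"  # ASSUMPTION: the thread never states the LAN IP
IP_ALIAS = "192.168.0.101"   # the "IP Alias" address suggested in the thread

# Rule as posted: translation = interface address.
RULE_INTERFACE = [OutboundNatRule("LAN", "192.168.49.0/24",
                                  "192.168.0.25/32", LAN_ADDRESS)]
# Variant from the follow-up: translation = IP alias on LAN.
RULE_ALIAS = [OutboundNatRule("LAN", "192.168.49.0/24",
                              "192.168.0.25/32", IP_ALIAS)]

if __name__ == "__main__":
    # Constructed sample flows: (source, destination)
    flows = [("192.168.49.101", "192.168.0.25"),  # matches the rule
             ("192.168.49.101", "192.168.0.30"),  # other LAN host: untouched
             ("192.168.88.2", "192.168.0.25")]    # other source net: untouched
    for src, dst in flows:
        print(src, "->", dst,
              "| interface:", source_on_wire(RULE_INTERFACE, "LAN", src, dst),
              "| alias:", source_on_wire(RULE_ALIAS, "LAN", src, dst))
```

With either translation, 192.168.0.25 sees every client in 192.168.49.0/24 as the same single address, so its own allow-list and logs can no longer tell the remote clients apart; restrict the rule's source to the hosts that need access and rely on the firewall's logs for attribution.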
              wilfrid @viragomann

              @viragomann: the reason for this NAT is that there is a client that only allows access from this network.
              I have a site-to-site VPN connected over a tunnel network and now need the second client to get a (virtual) address from the local network

              LAN2 192.168.490 /24

              PC1 192.168.49.101 <=== VPN ===>

                wilfrid @wilfrid

                @wilfrid

                LAN 2 192.168.49.0 / 24 Tunnel 192.168.99.0/30 LAN 1 192.168.0.0 /24

                PC1 192.168.49.101 <======VPN ======> access to 192.168.0.25 as local client
                (the client address must be in 192.168.0.0/24)

                  viragomann @wilfrid

                  @wilfrid
                  So add the outbound NAT rule as suggested above and it is done well.

                    wilfrid @viragomann

                    @viragomann
                    I have done this,
                    but if I capture packets with the diagnostic tool, there is only the original network address

                      wilfrid @wilfrid

                      @wilfrid thank you, it works

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.