Use of "No BINAT" to exclude WAN VIP not working.
sforsythe
I am trying to set up OpenVPN and am having issues that I realize are related to our 1:1 NAT.
We have a /24 but our provider does not route to us; instead they own the equipment at .1 and we are essentially on a switch port. Meaning we need to answer ARP requests using Virtual IPs and use 1:1 NAT.
Given network AA.BB.CC.0/24, upstream default gw is AA.BB.CC.1, our pfSense is AA.BB.CC.4/24
We have 1:1 NAT for AA.BB.CC.8/24 -> 10.10.1.8/24
I was hoping from the text of the "External subnet IP" box that we could 'start' on an IP not necessarily at the beginning of a network:
Enter the external (usually on a WAN) subnet's starting address for the 1:1 mapping. The subnet mask from the internal address below will be applied to this IP address.
That apparently doesn't work, as AA.BB.CC.4 is being NAT'ted to 10.10.1.4
I tried adding a rule
No Binat (not)
External subnet IP: AA.BB.CC.4
Internal IP: Single host or Alias: 10.10.1.4
but that did not seem to work.
If I completely disable the 1:1 NAT, the OpenVPN works instantly. And I can see in the state table my outside connection going from outside_ip -> AA.BB.CC.4 -> 10.10.1.4
Any thoughts or suggestions how to implement this?
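To make the behaviour in the post concrete, here is an added model (written for this thread, not pfSense or pf code) of what a mask-based 1:1 mapping does when the "External subnet IP" is not the network address, and of how an explicit per-host exclusion evaluated before the mapping keeps the firewall's own WAN address out of it. The addresses are constructed from RFC 5737 documentation ranges and stand in for the post's AA.BB.CC.0/24 block; the function names and the exclusion semantics are assumptions for illustration.

```python
"""Model of a pf-style 1:1 (binat) mapping with a network mask, plus per-host
exclusions. Illustrative code for this thread, not pfSense or pf internals.
All addresses below are constructed (RFC 5737 documentation ranges)."""
import ipaddress

# Constructed values standing in for the thread's AA.BB.CC.0/24 block.
EXTERNAL_START = "203.0.113.8"      # value typed into the "External subnet IP" box
INTERNAL_NET = "10.10.1.0/24"       # internal network; its mask is applied to the external IP
WAN_ADDRESS = "203.0.113.4"         # the firewall's own WAN address


def binat_networks(external_start: str, internal_net: str):
    """Apply the internal network's mask to the external start address, as the
    1:1 help text describes. With a /24 mask the start address collapses to the
    network address, so 203.0.113.8/24 becomes 203.0.113.0/24."""
    internal = ipaddress.ip_network(internal_net, strict=False)
    external = ipaddress.ip_network(
        f"{external_start}/{internal.prefixlen}", strict=False)
    return external, internal


def unintended_hosts(external_start: str, internal_net: str):
    """External addresses that fall inside the mapping only because the mask
    normalised the start address: everything from the network address up to,
    but not including, the address that was actually entered."""
    external, _ = binat_networks(external_start, internal_net)
    start = ipaddress.ip_address(external_start)
    return [str(ipaddress.ip_address(i))
            for i in range(int(external.network_address), int(start))]


def translate(addr: str, external_start: str, internal_net: str, exclusions=()):
    """Translate an external address to its internal 1:1 counterpart.
    Returns None when the address is excluded or not covered by the mapping.
    Exclusions are checked first, modelling a 'no binat' style entry that
    must take effect before the mapping itself (assumed semantics)."""
    ip = ipaddress.ip_address(addr)
    if ip in {ipaddress.ip_address(e) for e in exclusions}:
        return None
    external, internal = binat_networks(external_start, internal_net)
    if ip not in external:
        return None
    offset = int(ip) - int(external.network_address)
    return str(internal.network_address + offset)


if __name__ == "__main__":
    ext, _ = binat_networks(EXTERNAL_START, INTERNAL_NET)
    print("effective external network:", ext)
    print("addresses pulled in below the start address:",
          unintended_hosts(EXTERNAL_START, INTERNAL_NET))
    print("WAN address without exclusion ->",
          translate(WAN_ADDRESS, EXTERNAL_START, INTERNAL_NET))
    print("WAN address with exclusion ->",
          translate(WAN_ADDRESS, EXTERNAL_START, INTERNAL_NET,
                    exclusions=[WAN_ADDRESS]))
```

Running it shows the effective external network is 203.0.113.0/24, that .0 through .7 (the WAN address among them) are swept into the mapping, and that only an exclusion evaluated ahead of the mapping leaves the WAN address untranslated. The practical check for a deployment is the `unintended_hosts` list: any address on it that belongs to the firewall itself, an upstream gateway, or another live host needs either a narrower mask or an explicit exclusion.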