4. Use of "No BINAT" to exclude WAN VIP not working.

Use of "No BINAT" to exclude WAN VIP not working.

  • S

    Hi All,

    I am trying to setup OpenVPN and am having issues that I realize are related to our 1:1 NAT.

    We have a /24 but our provider does not route to us, instead they own the equipment at .1 and we are essentially on a switch port. Meaning we need answer ARP requests using Virtual IP and use 1:1 NAT.

    Given network AA.BB.CC.0/24 , upstream default gw is AA.BB.CC.1 , our pfsense is AA.BB.CC.4/24

    We have 1:1 NAT for AA.BB.CC.8/24 -> 10.10.1.8/24

    I was hoping from the text of the "External subnet IP" box that we could 'start' on an ip not necessarily at the beginning of a network.

    Enter the external (usually on a WAN) subnet's starting address for the 1:1 mapping. The subnet mask from the internal address below will be applied to this IP address.

    That apparently doesn't work, as AA.BB.CC.4 is being NAT'ted to 10.10.1.4

    I tried adding a rule
      No Binat (not)
      External subnet IP: AA.BB.CC.4
      Internal IP: Single host or Alias : 10.10.1.4

    but that did not seem to work.
    If I completely disable the 1:1 NAT , the OpenVPN works instantly.  And I can see in the state table my outside connection going from  outside_ip -> AA.BB.CC.4 -> 10.10.1.4

    Any thoughts or suggestions how to implement this?

    Shane

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy