Netgate Discussion Forum

    Route ip range traffic through openvpn

    Posted by bzg

      Hello All,

      I have a strange problem I haven't been able to resolve for two weeks. Almost everything is working well; there is just one thing I can't explain. Let's see the details:

      • site A subnet: 10.0.0.0/22

      • site A Client Group A: 10.0.0.10 - 10.0.0.200

      • site A Client Group B: 10.0.0.201 - 10.0.0.250

      • site A public IP: x.x.x.65/24

      • site B subnet: 10.0.100.0/22

      • site B public IP1: y.y.y.1/24

      • site B public IP2: y.y.y.25/28

      • OpenVPN Site to site VPN Server (Site A): 192.168.100.1

      • OpenVPN Site to site VPN Client (Site B): 192.168.100.2

      I have to configure the following:

      • a) Site A: all traffic from Client Group B must be routed through OpenVPN - site B public IP2 (y.y.y.25/28)

      • b) Site A: all traffic from Client Group A must be routed through site A public IP (x.x.x.65/24)

      • c) Site B: all traffic from Client Group C must be routed through site B public IP1 (y.y.y.1/24)

      I'm done with:

      • c) Done: simple NAT on site B public IP1 (y.y.y.1/24)

      • b) Done: simple NAT on site A public IP (x.x.x.65/24)

      • a) I did the following:

        • OpenVPN Site to site VPN: Done

        • Site A: create IP Alias IPRANGE1 with IP range 10.0.0.201 - 10.0.0.250

        • Site A: assign interface OPT1 to OpenVPN interface ovpn1

        • Site A: create Firewall Rule on LAN interface:

          • Action: pass

          • Interface: LAN

          • Source: Single host or alias: IPRANGE1

          • Protocol: any

          • Advanced - Gateway: OPT1_VPNV4 (name assigned automatically)

        • Site B: create Virtual IP:

          • Name: VIP1

          • Type: IP Alias

          • Address: y.y.y.25/28

        • Site B: create Outbound NAT rule:

          • Interface: WAN

          • Source: site A Client Group A

          • NAT Address: WAN Address

      Up to this point everything is working: if I check http://www.whatsmyip.org/ the result is what is expected, y.y.y.1/24, and for SSH and FTP the remote site also returns the IP y.y.y.1/24.

      But if I change the step "Site B: create Outbound NAT rule" and replace the NAT Address to VIP1, then the result is not clear:

      • if I use SSH then the remote site returns the VIP1 address: y.y.y.25/28

      • if I use HTTP with a very basic (no ads, no JS, etc.) site then the remote site returns the VIP1 address: y.y.y.25/28

      • but if I try http://www.whatsmyip.org/ again then the page is not loaded; I see the message "connecting" in the status bar. Sometimes the IP is okay, but no stylesheet is loaded, etc.

      Any idea what I am doing wrong? How can I resolve this issue?

      Kind Regards,
      [Attachment: firewall.png]

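A small model of the rule set listed in the post, added here as an example (it is not the poster's configuration and not pfSense code). It expands the IP-range aliases, evaluates the site A LAN rules top-down with first match winning (which is how pfSense orders rule evaluation), and then applies the site B outbound NAT rule to whatever arrives over the tunnel. The alias names other than IPRANGE1, the default LAN-to-any rule at the bottom of the site A list, and the fall-through to automatic outbound NAT when no manual rule matches are assumptions; the public addresses keep the post's x.x.x.* / y.y.y.* placeholders and are used only as labels. Run with the outbound NAT rule exactly as listed (source: site A Client Group A), the model shows that Group B traffic arriving at site B does not match that rule, so the alias actually selected as the NAT source is worth confirming alongside the VIP1 change.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed model of the addressing listed in the post. Alias names other
# than IPRANGE1 are assumed; public addresses are the post's placeholders.

def ip_range(first: str, last: str):
    """Expand an inclusive IPv4 range (a pfSense 'IP range' alias entry) into networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

ALIASES = {
    "CLIENT_GROUP_A": ip_range("10.0.0.10", "10.0.0.200"),
    "CLIENT_GROUP_B": ip_range("10.0.0.201", "10.0.0.250"),
    "LAN_NET": [ipaddress.ip_network("10.0.0.0/22")],
}
ALIASES["IPRANGE1"] = ALIASES["CLIENT_GROUP_B"]  # the post's site A alias name for Group B

def matches(alias: str, addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in ALIASES[alias])

@dataclass
class LanRule:
    source: str               # alias name
    gateway: Optional[str]    # None = system default route

# Site A LAN rules, evaluated top-down, first match wins. The policy-routing
# rule from the post comes first; the default LAN-to-any rule below is assumed.
SITE_A_LAN_RULES = [
    LanRule("IPRANGE1", "OPT1_VPNV4"),
    LanRule("LAN_NET", None),
]

def site_a_egress(src: str) -> str:
    """Gateway chosen for a packet from src entering site A's LAN interface."""
    addr = ipaddress.ip_address(src)
    for rule in SITE_A_LAN_RULES:
        if matches(rule.source, addr):
            return rule.gateway or "WAN (default route)"
    return "BLOCKED (no matching pass rule)"

@dataclass
class OutboundNatRule:
    interface: str
    source: str         # alias name
    nat_address: str

NO_MANUAL_MATCH = "no manual rule matched (assumed: automatic outbound NAT applies)"

def site_b_outbound_nat(rules, src: str) -> str:
    """Translation address chosen on site B for a packet leaving via WAN."""
    addr = ipaddress.ip_address(src)
    for rule in rules:
        if rule.interface == "WAN" and matches(rule.source, addr):
            return rule.nat_address
    return NO_MANUAL_MATCH

# The outbound NAT rule as listed in the post (source: site A Client Group A) ...
NAT_AS_LISTED = [OutboundNatRule("WAN", "CLIENT_GROUP_A", "WAN address (y.y.y.1)")]
# ... and the variant that matches Group B and translates to VIP1.
NAT_VIP1_FOR_GROUP_B = [OutboundNatRule("WAN", "CLIENT_GROUP_B", "VIP1 (y.y.y.25)")]

def trace(src: str, nat_rules):
    """(site A gateway, site B NAT address); NAT is None if traffic never reaches site B."""
    gateway = site_a_egress(src)
    if gateway != "OPT1_VPNV4":
        return gateway, None
    return gateway, site_b_outbound_nat(nat_rules, src)

if __name__ == "__main__":
    for label, rules in (("as listed", NAT_AS_LISTED),
                         ("VIP1 for Group B", NAT_VIP1_FOR_GROUP_B)):
        print(f"== site B outbound NAT: {label}")
        # Sample sources: below Group A, inside A, both ends of B, just above B.
        for src in ("10.0.0.5", "10.0.0.50", "10.0.0.201", "10.0.0.250", "10.0.0.251"):
            gw, nat = trace(src, rules)
            print(f"{src:12} -> {gw:22} | {nat}")
```

The range boundaries are the part worth checking by hand: 10.0.0.250 is the last address policy-routed into the tunnel, while 10.0.0.251 falls through to the default LAN rule and leaves via site A's WAN, exactly like Group A.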
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.