[SOLVED] Considerations to pfSense OpenVPN Server when behind NAT?



  • Hi,

    pfsense directly connected to ISP.  WAN interface is assigned a private IP (192.168.1.x), with the real Internet Address NAT'd at the ISP.

    I have followed the guides + wizard to setup my pfsense as an OpenVPN Server for remote access.  I have not been able to establish a connection.

    I saw in the logs pfsense was sending the private IP address of the WAN interface.  I changed this, but still not establishing a connection.

    Are there any considerations I need to action for the VPN Server when pfsense is connected behind a NAT?

    Thank you,



  • Hi. I do this from time to time. You just want to make sure the udp port you use in your openVPN server is port forwarded to its IP address

    So for example I have a DDWRT router that is shared (roomates) and I just port forward ====> 1195 ====> PFSENSE (192.16.1.2)

    Then I just set my OpenVPN remote access server to use that interface and it works just fine.

    You do have to make sure in your openVPN client config that you change the IP to your public WAN IP (so in my example the DDWRT WAN IP)

    "remote <wan_ip>udp"</wan_ip>



  • Thanks for the reply.

    Yeah, I did take into account the "remote <wan ip="">UDP" in my client config.  Also, the ISP forwards all traffic through the WAN IP which is then NAT'd tot he private IP on the interface (so no filtering).

    I've been testing this over a really slow connection all day so I may just re-attempt next week, when I'll have better (quicker) access..

    If (errr, when) I get it working, I'll let post back here to confirm. :-)</wan>



  • Ok, just to confirm the issue was that the ISP device had a hidden 'advanced' setting which did not forward Internet packets by default, as I thought.

    Once this was found, and packets forwarded correctly, it worked fine!

    Thanks for your input!!


Log in to reply