[Solved] Server Log IP Address Points to pfSense OpenVPN {Azure}
-
Hi all,
Just looking for a little bit of guidance/help. Struggling with this.
1 Network Interface
Public IP:1194 UDP
Static: 172.20.0.2
{Azure Deployment}
(Person Wanting to Connect) Internet -> pfSense + OpenVPN -> Box A (172.20.1.8 )
-> Box B (172.20.2.9 )Clients get ip in : 172.18.0.0/24
Everything is working perfectly as far as VPN connectivity. A client connects, and is assigned a static ip. Box A & box B are now accessible.
However, all server logs on Box A & B (and when I do a who on the box) show my pfSense/OpenVPN IP (172.20.0.2) instead of the client static IP.
Where should I be looking/reading up on – had some troubles finding similar threads.
Thanks!
One edit
I thought IP forwarding might have been the issue after checking the Azure NIC (ip forwarding was off); however, I tested and updated the Azure NIC to enable IP Forwarding and checked on the pfSense box (ip forwarding enabled)sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1
-
<= bump =>
Hopefully it's something obvious.
My second attempt was with pfSense 2.3.2 (2 Nics, 1 assigned WAN, 1 assigned 'LAN')
I have openvpn listening on the LAN adapter. I have created a nat rule to allow vpn connections to the lan (WAN,UDP,,,WAN ADDRESS,1194,lan adapter ip, 1194)… however who shows wan adapater.
I have setup other servers running OpenVPN (off an Ubuntu box) and the server logs are as I would expect (client IP shows).
====================================================================================================
Well if anyone stumbles upon this, here is what I did to fix this:
*Automatic nat to manual nat
*Removed WAN nat entries for my tunnel network (left lan... still need to validate traffic is going through my lan interface)
*On Azure, create an inbound rule on NSG allowing my tunnel
*On Azure, create a route table, tunnel next hop = pfsense (associate to the subnet)