Netgate Discussion Forum

    [Solved] Server Log IP Address Points to pfSense OpenVPN {Azure}

    • io

      Hi all,

      Just looking for a little bit of guidance/help. Struggling with this.

      1 Network Interface
                                              Public IP:1194 UDP
                                              Static: 172.20.0.2
                                              {Azure Deployment}
      (Person Wanting to Connect) Internet -> pfSense + OpenVPN ->  Box A  (172.20.1.8 )
                                                                ->  Box B  (172.20.2.9 )

      Clients get ip in : 172.18.0.0/24

      Everything is working perfectly as far as VPN connectivity. A client connects, and is assigned a static ip. Box A & box B are now accessible.

      However, all server logs on Box A & B (and when I do a who on the box) show my pfSense/OpenVPN IP (172.20.0.2) instead of the client static IP.

      Where should I be looking/reading up on – had some troubles finding similar threads.

      Thanks!

      One edit
      I thought IP forwarding might have been the issue after checking the Azure NIC (ip forwarding was off); however, I tested and updated the Azure NIC to enable IP Forwarding and checked on the pfSense box (ip forwarding enabled)

      sysctl net.inet.ip.forwarding
      net.inet.ip.forwarding: 1

      • io

        <= bump =>

        Hopefully it's something obvious.

        My second attempt was with pfSense 2.3.2 (2 Nics, 1 assigned WAN, 1 assigned 'LAN')

        I have OpenVPN listening on the LAN adapter.  I have created a NAT rule to allow VPN connections to the LAN (WAN,UDP,,,WAN ADDRESS,1194,lan adapter ip, 1194)… however who shows the WAN adapter.

        I have setup other servers running OpenVPN (off an Ubuntu box) and the server logs are as I would expect (client IP shows).

        ====================================================================================================

        Well if anyone stumbles upon this, here is what I did to fix this:

        * Automatic NAT to manual NAT
        * Removed WAN NAT entries for my tunnel network (left LAN... still need to validate traffic is going through my LAN interface)
        * On Azure, create an inbound rule on NSG allowing my tunnel
        * On Azure, create a route table, tunnel next hop = pfSense (associate to the subnet)

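Added example, not part of the original posts and not pfSense or Azure code: a small Python model of why the servers logged 172.20.0.2 and why both halves of the fix (removing the outbound NAT entry for the tunnel network, and adding an Azure route back to pfSense) are needed. The addresses come from the thread; the rule and route structures, the function names and the client address 172.18.0.50 are assumptions made for illustration.

```python
import ipaddress

# Addresses from the thread; rule/route tuples below are constructed samples.
TUNNEL_NET = ipaddress.ip_network("172.18.0.0/24")
PFSENSE_IP = ipaddress.ip_address("172.20.0.2")

def source_seen_by_server(client_ip, egress_if, outbound_nat):
    """Return the source address a backend server logs for a VPN client.

    outbound_nat: list of (interface, source_network) rules that translate
    matching traffic to the firewall's own address on that interface.
    """
    client = ipaddress.ip_address(client_ip)
    for iface, src_net in outbound_nat:
        if iface == egress_if and client in ipaddress.ip_network(src_net):
            return PFSENSE_IP  # masqueraded: logs lose the client identity
    return client

def reply_next_hop(dst_ip, routes, default="azure-default"):
    """Longest-prefix match over (prefix, next_hop) user-defined routes."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return default
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(client_ip, egress_if, outbound_nat, routes):
    """Summarise whether logs keep the client IP and replies can return."""
    seen = source_seen_by_server(client_ip, egress_if, outbound_nat)
    hop = reply_next_hop(str(seen), routes)
    return {
        "logged_source": str(seen),
        "client_visible": seen in TUNNEL_NET,
        # Replies to pfSense's own address need no extra route; replies to a
        # tunnel address need a route whose next hop is pfSense.
        "reply_reaches_pfsense": seen == PFSENSE_IP or hop == str(PFSENSE_IP),
    }

if __name__ == "__main__":
    auto_nat = [("WAN", "172.18.0.0/24")]           # automatic outbound NAT
    udr = [("172.18.0.0/24", "172.20.0.2")]         # Azure route table entry
    print("before fix   :", audit("172.18.0.50", "WAN", auto_nat, []))
    print("NAT removed  :", audit("172.18.0.50", "WAN", [], []))
    print("NAT + route  :", audit("172.18.0.50", "WAN", [], udr))
```

The middle case shows the failure mode of doing only half the fix: the server would log the real client address, but its replies would never return to the tunnel.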
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.