Using pfSense's OpenVPN in tun mode with public subnet
I am trying to make OpenVPN on pfSense work in tun mode (layer 3).
VPN IP (WAN) is 220.127.116.11.
I have a /29 public subnet to be used with clients: 18.104.22.168/29.
Right now, when I connect the client I get the IP 22.214.171.124, and the default gateway, 126.96.36.199, is pushed to the client.
OK, so far so good; however, I see traceroutes go to my default gateway and get lost there.
Just in case, I tried to do NAT, and all my clients get the 188.8.131.52 IP, which is not what I want.
I'd like all my clients to have a public IP from that dedicated 184.108.40.206/29 subnet. I was able to do this using tap, but I want to avoid layer 2 and make this work with tun.
As you can tell from my post, my knowledge here is lacking and I am not sure what to search for or do here.
I suspect I'll need to set up some sort of routing on pfSense: traffic from the 220.127.116.11/29 subnet (VPN clients) should go through 18.104.22.168 (the WAN's gateway), correct? How would I go about this?
There are automatic NAT rules that get put in place to mask VPN client networks on the way out.
You can override that:
- Navigate to Firewall > NAT, Outbound tab
- Switch to Hybrid Outbound NAT mode and save
- Click Add to top (upward pointing arrow)
- Check "Do Not NAT"
- Interface=WAN, protocol=any
- Set the source to your public subnet (e.g.
- Description="Do not NAT OpenVPN public clients"
- Save, Apply Changes
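The steps above rely on pf's nat rules being evaluated first-match: the manual "Do Not NAT" rule only works because Hybrid mode puts it above the automatic `nat on WAN ... ->` rule that would otherwise translate the VPN client subnet. The script below is an added example, not part of the thread or of pfSense itself; it checks the loaded ruleset (as printed by `pfctl -s nat`) for exactly that ordering. The interface name em0, the WAN address 198.51.100.5, the public client subnet 203.0.113.0/29 and the private tunnel network 10.8.0.0/24 are assumptions, and SAMPLE_NAT is constructed to look like pfctl output rather than captured from a real box.

```shell
#!/bin/sh
# Added example (not from the forum thread or pfSense): verify that a
# "Do Not NAT" rule for the public OpenVPN client subnet is evaluated before
# any automatic outbound NAT rule for the same source. pf evaluates nat and
# "no nat" rules top-down and the first matching rule wins, so the "no nat"
# line has to appear above the translating "nat on ... ->" line.
#
# Assumed values (not stated in the thread): WAN interface em0, WAN address
# 198.51.100.5, public client subnet 203.0.113.0/29, private tunnel network
# 10.8.0.0/24 for the other OpenVPN server.
#
# SAMPLE_NAT is constructed to resemble 'pfctl -s nat' output after the
# Hybrid Outbound NAT change described in the answer. On a real firewall run:
#   pfctl -s nat | check_no_nat_first 203.0.113.0/29
SAMPLE_NAT='no nat on em0 inet from 203.0.113.0/29 to any
nat on em0 inet from 203.0.113.0/29 to any -> 198.51.100.5/32 port 1024:65535
nat on em0 inet from 10.8.0.0/24 to any -> 198.51.100.5/32 port 1024:65535'

# Reads pfctl -s nat output on stdin and prints one verdict for the subnet:
#   ok         the first rule with this source is a "no nat" rule (clients keep
#              their public address)
#   nat-first  a translating "nat ... ->" rule is hit before any "no nat" rule
#              (clients still leave with the WAN address)
#   missing    no rule references this source at all
check_no_nat_first() {
    subnet="$1"
    # Trailing space after the prefix avoids matching a longer prefix string.
    first=$(grep -F "from $subnet " | head -n 1)
    case "$first" in
        "")          echo missing ;;
        "no nat "*)  echo ok ;;
        *)           echo nat-first ;;
    esac
}

# Stand-alone demonstration against the constructed sample.
printf '%s\n' "$SAMPLE_NAT" | check_no_nat_first 203.0.113.0/29   # ok
printf '%s\n' "$SAMPLE_NAT" | check_no_nat_first 10.8.0.0/24      # nat-first
```

Removing NAT is only half of the job: once clients leave with addresses from the /29, the upstream router must route that /29 toward the pfSense WAN address, otherwise replies never come back and traceroutes stop at the provider's gateway. If `check_no_nat_first` prints `ok` but clients still have no connectivity, that upstream route is the next thing to check.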