Using pfSense's OpenVPN in tun mode with public subnet
Entheogen
I am trying to make OpenVPN with pfSense work using tun mode (layer 3).
VPN IP (WAN) is - 18.104.22.168
I have /29 public subnet to be used with clients - 22.214.171.124/29
Right now, when I connect the client I get 126.96.36.199 IP and default gateway, 188.8.131.52, is pushed to the client.
OK so far so good, however I see traceroutes go to my default gateway and get lost there.
Just in case, I tried to do NAT and all my clients get 184.108.40.206 IP which is not what I want.
I'd like all my clients to have public IP from that dedicated 220.127.116.11/29 subnet. I was able to make this using tap but I want to avoid layer 2 and make this work with tun.
As you can tell from my post, my knowledge here is lacking and I am not sure what to search for/do here.
I suspect I'll need to make some sort of routing on pfSense - traffic from 18.104.22.168/29 subnet (vpn clients) to go through 22.214.171.124 (WAN's) gateway, correct? How would I go about this?
There are automatic NAT rules that get put in place to mask VPN client networks on the way out.
You can override that:
- Navigate to Firewall > NAT, Outbound tab
- Switch to Hybrid Outbound NAT mode and save
- Click Add to top (upward pointing arrow)
- Check "Do Not NAT"
- Interface=WAN, protocol=any
- Set the source to your public subnet (e.g.
- Description="Do not NAT OpenVPN public clients"
- Save, Apply Changes
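What the steps above produce underneath, written out in pf rule syntax as an added illustration (not from the thread or from pfSense's generated ruleset): the interface name, the 203.0.113.0/29 public block and the 10.0.8.0/24 tunnel network are placeholder values chosen for the example, and the automatic rule is simplified.

```pf
# pf applies the first matching translation rule, which is why the
# "Add to top" step matters: the exception has to sit above the
# automatic masquerade rule that Hybrid mode keeps generating.
#
# Placeholder values (constructed for this example, not from the thread):
#   em0              WAN interface
#   203.0.113.0/29   public /29 assigned to the OpenVPN tun clients
#   10.0.8.0/24      a private tunnel network that should still be NATed

# Manual "Do Not NAT" rule: clients from the public /29 leave WAN with
# their own address instead of the WAN address, so replies are routed
# back to pfSense and down the tunnel rather than to a masqueraded IP.
no nat on em0 inet from 203.0.113.0/29 to any

# Simplified stand-in for the automatic outbound NAT rule pfSense still
# generates in Hybrid mode for other local and VPN networks.
nat on em0 inet from 10.0.8.0/24 to any -> (em0) port 1024:65535

# Check from the pfSense shell that the exception is listed before the
# translation rule after "Apply Changes":
#   pfctl -sn
```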