Using pfSense's OpenVPN in tun mode with public subnet
-
Hi folks,
I am trying to make OpenVPN with pfSense work using tun mode (layer 3).
VPN IP (WAN) is - 1.1.1.1
I have a /29 public subnet to be used with clients - 2.2.2.0/29
Right now, when I connect the client I get the 2.2.2.2 IP and the default gateway, 2.2.2.1, is pushed to the client.
OK, so far so good; however, I see traceroutes go to my default gateway and get lost there.
Just in case, I tried to do NAT and all my clients get 1.1.1.1 IP which is not what I want.
I'd like all my clients to have public IP from that dedicated 2.2.2.0/29 subnet. I was able to make this using tap but I want to avoid layer 2 and make this work with tun.
As you can tell from my post, my knowledge here is lacking and I am not sure what to search for/do here.
I suspect I'll need to make some sort of routing on pfSense - traffic from the 2.2.2.0/29 subnet (VPN clients) to go through 1.1.1.1's (WAN's) gateway, correct? How would I go about this?
Thanks!
-
There are automatic NAT rules that get put in place to mask VPN client networks on the way out.
You can override that:
- Navigate to Firewall > NAT, Outbound tab
- Switch to Hybrid Outbound NAT mode and save
- Click Add to top (upward pointing arrow)
- Check "Do Not NAT"
- Interface=WAN, protocol=any
- Set the source to your public subnet (e.g. 2.2.2.0/29)
- Destination=Any
- Description="Do not NAT OpenVPN public clients"
- Save, Apply Changes
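The reason the reply says "Add to top" is that pf evaluates NAT rules first-match: a "Do Not NAT" exemption only works if it is loaded before the automatic masquerade rule for the OpenVPN network. The script below is an added example, not part of the thread and not pfSense's own code; it checks that ordering in the text of a generated ruleset. On pfSense the real ruleset can be read from /tmp/rules.debug (or the loaded NAT rules listed with `pfctl -sn`); the sample lines here are constructed, and the interface name em0 and the addresses 2.2.2.0/29 and 1.1.1.1 are placeholders taken from the question.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a pf "no nat" exemption for
# the public VPN subnet appears BEFORE the automatic outbound NAT rule for it.
# pf uses the first matching NAT rule, so ordering decides whether clients keep
# their public address or get masqueraded behind the WAN IP.
# Assumptions: pfSense rules.debug layout; em0, 2.2.2.0/29 and 1.1.1.1 are
# placeholder names and addresses.

# Constructed sample of the two relevant lines (not a real rules.debug dump).
SAMPLE_RULES='no nat on em0 inet from 2.2.2.0/29 to any
nat on em0 inet from 2.2.2.0/29 to any -> 1.1.1.1/32 port 1024:65535'

# check_no_nat_first RULES SUBNET
# Returns 0 when a "no nat ... from SUBNET" line exists and precedes every
# "nat on ... from SUBNET" line; returns 1 otherwise.
check_no_nat_first() {
  rules="$1"
  subnet="$2"
  # Line number of the first exemption and of the first masquerade rule.
  no_nat_line=$(printf '%s\n' "$rules" | grep -n "^no nat .* from $subnet " | head -n1 | cut -d: -f1)
  nat_line=$(printf '%s\n' "$rules" | grep -n "^nat on .* from $subnet " | head -n1 | cut -d: -f1)
  [ -n "$no_nat_line" ] || return 1      # no exemption at all
  [ -z "$nat_line" ] && return 0         # exemption present, nothing to shadow it
  [ "$no_nat_line" -lt "$nat_line" ]     # exemption must come first
}

# Stand-alone usage against the constructed sample.
if check_no_nat_first "$SAMPLE_RULES" "2.2.2.0/29"; then
  echo "OK: no-nat exemption precedes the automatic NAT rule"
else
  echo "WARNING: 2.2.2.0/29 would still be masqueraded behind the WAN address"
fi
```

To use it on a live box, feed the real ruleset in instead of the sample, for example `check_no_nat_first "$(cat /tmp/rules.debug)" "2.2.2.0/29"`. Passing this check only covers the NAT side; the traceroute loss described in the question also requires that whoever is upstream of 1.1.1.1 routes 2.2.2.0/29 back to the WAN address, which no pfSense setting can fix on its own.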