OpenVPN P2P NAT problem



  • Hi,

    My pfsense 2.4.4 is connected as client to remote OpenVPN server in Peer to Peer mode.

    Remote server ip 10.8.0.1, pfsense client ip 10.8.0.2.
    I need to access remote server SSH. It is working fine when I first SSH to pfsense console and do: ssh 10.8.0.1.

    I'm trying to setup NAT for pfsense 192.168.1.6 (pfsense LAN ip) : 33022 to 10.8.0.1 : 22. After 2 days of trying countless combinations still no luck.

    Any help is appreciated.

    /Thanks


  • Rebel Alliance

    You have overlapping Subnets or why do you want to use NAT?
    Just add or push the Route from the Server Side Subnet to your Client pfSense, get Firewall Rules in place and thats it.

    -Rico


  • Netgate

    You are not guaranteed to be able to do anything with a destination of an OpenVPN tunnel address. ssh to the LAN address on the other side instead.

    Add the other side's LAN as a Remote Network (and vice versa on the other side)
    Be sure the other side's OpenVPN firewall rules pass the ssh traffic.



  • @derelict said in OpenVPN P2P NAT problem:

    You are not guaranteed to be able to do anything with a destination of an OpenVPN tunnel address. ssh to the LAN address on the other side instead.

    Add the other side's LAN as a Remote Network (and vice versa on the other side)
    Be sure the other side's OpenVPN firewall rules pass the ssh traffic.

    Hi, thanks for answers. Not the one I hoped for though.
    It's the same subnet on both sides :-( a lot of work to move as many devices has static ip. But I guess if it's only solution then it has to be done.

    (Still strange I can't NAT to remote VPN IP because I can reach it from pfsense console)

    Thanks!


  • Netgate

    Well, can you SSH to the tunnel address from the other side? Meaning from the other side's LAN to the other side's tunnel address?

    If so, that means sshd is listening on and can receive connections on that address so it should work.

    You would want to assign an interface to the OpenVPN instance on the connecting side and set up outbound NAT on OpenVPN for the proper sources to the ssh on the other side.

    I don't see any reason that should not work if sshd can receive connections there as described above.