Netgate Discussion Forum

    NAT through OpenVPN? How to set up outbound NAT?

      sgtpepperaut

      So diving deeper into the rabbit hole, I now have two sites connected via OpenVPN and would like to NAT from Site A to a device on Site B.

      SITE A: office.mydomain.com / 1.1.1.1 / 192.168.10.0
      SITE B: home.mydomain.com / 2.2.2.2 / 192.168.20.0

      Connected via an OpenVPN tunnel (192.168.70.0) with static routing set up, so when I enter a subnet IP of Site B on Site A it can be reached without issues and vice versa.

      I also have some NAT set up for some local cameras.
      So office.mydomain.com:8081 redirects to 192.168.10.81:80 (camera's IP) just fine. NATing via 1.1.1.1 to Site A devices works fine.

      Also I have a NAT 8089 to forward to 192.168.20.89:80. This works when at the office but not outside the LAN at Site A.

      What rule/forward do I need to set up? I have tried "hybrid outbound NAT" but apparently did not get the settings right.

      Any help would be greatly appreciated.

        viragomann

        Are both OpenVPN endpoints pfSense?
        Is it set up as a site-to-site connection?
        And are both the default gateways in the local networks?

          sgtpepperaut

          Thanks for the reply. For some odd reason I just got the notification today?!

          Anyways, unfortunately pfSense is only running on site A ... site B runs OpenWrt in the router/modem. They are connected with an OpenVPN tunnel.

          Yes both are the default gateways for their respective locations.

            viragomann @sgtpepperaut

            @sgtpepperaut said in NAT through OpenVPN? How to set up outbound NAT?:

            Anyways, unfortunately pfSense is only running on site A ... site B runs OpenWrt in the router/modem.

            The point here is that pfSense has the reply-to function, which directs response packets back to the gateway where the requests came from. This function would be helpful at site B.

            Another way to get it to work is by adding an outbound NAT rule on site A:
            interface: <that one you have assigned to the site-to-site VPN or even OpenVPN>
            Protocol: TCP (or what you need)
            source: any
            destination: 192.168.20.89, port: 80
            Translation address: Interface address

            However, with that rule in place there is no possibility to determine at the destination host the original source IP of the connections concerned.

            If you don't want that masquerading rule to be applied to connections from site A, copy that rule, and enter the site A LAN at source and check "Do not NAT". Then put the new rule above the other one.

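An added example, not part of the original thread and not pfSense's own code: a small Python model of first-match outbound NAT on site A's VPN interface, showing which source address 192.168.20.89 sees and why the "Do not NAT" rule has to sit above the masquerading rule. The tunnel address 192.168.70.1, the /24 masks and the two client addresses are assumptions made for the illustration.

```python
import ipaddress

# Constructed model of first-match outbound NAT on site A's VPN interface.
# TUNNEL_ADDR is an assumed pfSense address inside the 192.168.70.0 tunnel net.
TUNNEL_ADDR = "192.168.70.1"
SITE_A_LAN = "192.168.10.0/24"   # /24 is assumed; the thread gives only 192.168.10.0
CAMERA = ("192.168.20.89", 80)

# Each rule: (source network, destination IP, destination port, action)
MASQUERADE = ("0.0.0.0/0", *CAMERA, "interface-address")
NO_NAT_LAN = (SITE_A_LAN, *CAMERA, "no-nat")


def translate(rules, src, dst, dport):
    """Return the source IP the destination host sees; first matching rule wins."""
    for net, r_dst, r_port, action in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(net)
                and dst == r_dst and dport == r_port):
            return src if action == "no-nat" else TUNNEL_ADDR
    return src  # no rule matched: packet leaves with its original source


def reply_uses_tunnel(seen_src):
    """Site B (OpenWrt, no reply-to) is modelled as routing only the tunnel net
    and the site A LAN back through the VPN; other replies leave via its WAN."""
    addr = ipaddress.ip_address(seen_src)
    return any(addr in ipaddress.ip_network(n)
               for n in ("192.168.70.0/24", SITE_A_LAN))


def report(rules):
    """Map each constructed client to (source seen by camera, reply via tunnel?)."""
    clients = {"internet": "203.0.113.7", "site_a_lan": "192.168.10.50"}
    out = {}
    for name, src in clients.items():
        seen = translate(rules, src, *CAMERA)
        out[name] = (seen, reply_uses_tunnel(seen))
    return out


if __name__ == "__main__":
    for label, rules in [("no outbound NAT rule", []),
                         ("masquerade only", [MASQUERADE]),
                         ("no-NAT above masquerade", [NO_NAT_LAN, MASQUERADE]),
                         ("wrong order", [MASQUERADE, NO_NAT_LAN])]:
        print(label, report(rules))
```

With no rule, the reply to the Internet client leaves through site B's own WAN and the connection fails; with the rules in the wrong order, site A LAN clients are masqueraded as well and the camera loses their real addresses.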
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.