Force source IP address

bcarnazzi974 · Jun 7, 2019, 12:33 PM

Hello,

I have a rather annoying problem: I have a pfsense installation with 2 interfaces (LAN/WAN) and a site to site OpenVPN tunnel. I need to contact an LDAP server through the OpenVPN tunnel from the host pfsense. When I ping the IP address of the LDAP server from the pfsense, the WAN IP address of the pfsense is used and the destination is never reached (traffic exits through the WAN interface). If I force the source address of the ping (option -S) with the IP address of the LAN interface, it works. Hence my question: how to set up that you must first use the IP address of the LAN interface to reach an X.X.X.X.X.X network from pfsense? NAT does not seem to work because the wrong output interface is choosed. I think something like interface priority...

viragomann · Jun 7, 2019, 12:57 PM

That can be done with Firewall > NAT > Outbound.
Guess, it's still working in automatic mode. So activate the hybrid mode first.
Then add a new rule. At interface select that one you have assigned to the site to site OpenVPN instance, or OpenVPN if you haven't.
At destination enter the IP of the LDAP server and at translation address enter the LAN IP of pfSense.

bcarnazzi974 · Jun 7, 2019, 1:14 PM

Absolute genius :)
It works !
Thanks a lot

sinapseredes · Sep 29, 2022, 4:41 PM

@viragomann , thanks!