3. Force source IP address

Force source IP address

  • B

    Hello,

    I have a rather annoying problem: I have a pfsense installation with 2 interfaces (LAN/WAN) and a site to site OpenVPN tunnel. I need to contact an LDAP server through the OpenVPN tunnel from the host pfsense. When I ping the IP address of the LDAP server from the pfsense, the WAN IP address of the pfsense is used and the destination is never reached (traffic exits through the WAN interface). If I force the source address of the ping (option -S) with the IP address of the LAN interface, it works. Hence my question: how to set up that you must first use the IP address of the LAN interface to reach an X.X.X.X.X.X network from pfsense? NAT does not seem to work because the wrong output interface is choosed. I think something like interface priority...

    0
  • V

    That can be done with Firewall > NAT > Outbound.
    Guess, it's still working in automatic mode. So activate the hybrid mode first.
    Then add a new rule. At interface select that one you have assigned to the site to site OpenVPN instance, or OpenVPN if you haven't.
    At destination enter the IP of the LDAP server and at translation address enter the LAN IP of pfSense.

    1
  • B

    Absolute genius :)
    It works !
    Thanks a lot

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy