NAT through VPN to remoted site

hsv

Hi
I am trying to do the following

                                     NAT to RDP works
                              /  Lan 10.46.127.10/24 

Ext Client (WAN) -> (IP_ext) FW

                              \  S2S(PreShared-172.31.254.0/24) <-> TerminalServer(10.45.127.10/26) 

But NAT directly to 10.45.127.10 do not work
I can see the NAT are used but I cannot see the traffic is going anywhere.
How do I direct it down through then OpenVPN S2S over to the TerminalServer.
From the LAN everything works but not from the NAT

Regards
Henning

netblues

@hsv Can you elaborate what exactly you mean by "from the nat"
A proper network diagram could also help understand the question.

JKnott

@hsv

Why are you using NAT on a VPN?

hsv

Hi @netblues
Thanks for helping

I have made two NATs on the FW

NAT Rule 1) on WAN interface: WAN IP1 to 10.46 .127.10/24 for RDP
NAT Rule 2) on WAN interface: WAN IP2 to 10.45 .127.10/26 for RDP

NAT Rule 1 works
NAT Rule 2 do not work as I cannot get the NAT traffic to go down the OpenVPN tunnel.

I will gladly make a drawing but how do I uploaded it to this forum?

Pub_IP1\ /LAN

            WAN  FW1

Pub_IP2/ \S2S_VPN <-> FW2 <->TS

Both FW1 and FW2 are pfsense 2.4.4p3
S2S_VPN is a PreShared with
FW1_S2Svpn: ip 172.31.254.1/24
FW2: S2Svpn: ip 172.31.254.2/24

Regards
Henning)

Derelict

If you are trying to port forward in from WAN across OpenVPN to a host there you must:

1. Assign an interface to the OpenVPN instance on the target server side
2. Be sure that the incoming connection there is NOT passed by a rule on the OpenVPN tab but IS passed by a rule on the assigned interface tab. This will get you reply-to there and the reply traffic will be routed back through the tunnel.