OpenVPN NAT to LAN (internal ip)



  • Hello.

    This is driving me insane - so I have OpenVPN installed with a tunnel. I am currently just testing a full gateway so it will show the public IP of the pfSense (which is a LAN/public IP).

    But when I connect to a LAN IP, which in this instance is actually a public WAN IP as it's publicly accessible, I get my OpenVPN internal IP showing 10.0.80.0/24 as connected and not my external OpenVPN IP.

    Is there a rule I need for the NAT to force all connections to the external IP no matter if it's internal or not?

    I have tried push routes and so on but it makes no difference.



  • I'm a little confused here. When you connect to an OpenVPN server, it assigns you a virtual IP in the same subnet that you defined as the tunnel network. Your assigned OpenVPN IP address should not change based on which interface you connect from. Maybe I'm not understanding your problem.



  • Sorry, so for example:

    So for LAN on our internal is, let's say, 55.66.77.0/24

    Our OpenVPN external runs on a CARP IP for HA of 55.66.77.254

    Our internal OpenVPN is 10.0.90.0/24

    When I see what my IP is in a browser I'm given 55.66.77.254, which is correct and what I want.

    When I connect to the VPN and go to a server on the 55.66.77.0/24 it shows the 10.0.90.0/24 connected instead of the public IP 55.66.77.254.

    My NAT is:

    Interface: WAN
    Source Network: 10.0.90.0/24

    Translation Address: 55.66.77.254



  • @chrisjmuk said in OpenVPN NAT to LAN (internal ip):

    When I see what my IP is in a browser

    You mean one of those "What is my IP address?" websites?



  • Yes.

    I now have it working, I needed to do from LAN to the translation on the NAT under the WAN NAT rules.

    Another issue now: when I disable "Force all client-generated IPv4 traffic through the tunnel." in the OpenVPN settings to only allow the VPN to access 55.66.77.0/24, it won't work.

    I have tried doing a push and setting the gateway and also the "IPv4 Local network(s)".

    But it just doesn't want to ping when connected to the VPN and I don't know why, it just seems very strange.


  • LAYER 8 Global Moderator

    @chrisjmuk said in OpenVPN NAT to LAN (internal ip):

    I now have it working, I needed to do from LAN to the translation on the NAT under the WAN NAT rules.

    huh?



  • Yeah I didn't quite understand that either but he seems to have gotten the result he wanted.


  • LAYER 8 Global Moderator

    Have no freaking idea what he is doing - seems like he wants to source nat his vpn users? Just at a loss to why want to do that - just love not knowing what vpn client is connecting to your server ;)

    Firewall rule on the dest device? It has no gateway - or different gateway would be the only reasons I could think of wanting to source nat.

    If it was using a different default gateway, you could just host route on the device.

