OpenVPN NAT to LAN (internal ip)
This is driving me insane. So I have OpenVPN installed with a tunnel; I am currently just testing a full gateway so it will show the public IP of the pfSense (which is a LAN/public IP).
But when I connect to a LAN IP, which in this instance is actually a public WAN IP as it's publicly accessible, I get my OpenVPN internal IP showing 10.0.80.0/24 as connected and not my external OpenVPN IP.
Is there a rule I need for the NAT to force all connections to the external IP, no matter if it's internal or not?
I have tried push routes and so on, but it makes no difference.
I'm a little confused here. When you connect to an OpenVPN server, it assigns you a virtual IP in the same subnet that you defined as the tunnel network. Your assigned OpenVPN IP address should not change based on which interface you connect from. Maybe I'm not understanding your problem.
Sorry, so for example:
So for LAN on our internal, let's say it is 18.104.22.168/24.
Our OpenVPN external runs on a CARP IP for HA of 22.214.171.124.
Our internal OpenVPN is 10.0.90.0/24.
When I see what my IP is in a browser I'm given 126.96.36.199, which is correct and what I want.
When I connect to the VPN and go to a server on the 188.8.131.52/24, it shows the 10.0.90.0/24 connected instead of the public IP 184.108.40.206.
My NAT is:
Source Network: 10.0.90.0/24
Translation Address: 220.127.116.11
I now have it working; I needed to do it from LAN to the translation on the NAT under the WAN NAT rules.
Another issue now: when I disable "Force all client-generated IPv4 traffic through the tunnel." in the OpenVPN settings to only allow the VPN to access 18.104.22.168/24, it won't work.
I have tried doing a push and setting the gateway and also the "IPv4 Local network(s)".
But it just doesn't want to ping when connected to the VPN, and I don't know why; it just seems very strange.
Yeah, I didn't quite understand that either, but he seems to have gotten the result he wanted.
Have no freaking idea what he is doing. Seems like he wants to source NAT his VPN users? Just at a loss as to why he would want to do that. Just love not knowing what VPN client is connecting to your server ;)
Firewall rule on the dest device? It has no gateway, or a different gateway, would be the only reasons I could think of for wanting to source NAT.
If it was using a different default gateway, you could just host route on the device.
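The two server-side setups the thread goes back and forth between (full tunnel with the outbound NAT the asker ended up with, and split tunnel that only pushes the LAN route), written out as an added OpenVPN server configuration that is not from the original posts or from pfSense's generated config. The addresses are the ones quoted in the thread; the interface names, certificate paths and pf.conf rule syntax are assumptions.

```conf
# Added example, not from the thread. Addresses are those quoted above;
# interface names and cert/key paths are assumptions.

# Common server settings
dev tun
proto udp
port 1194
# Listen on the CARP VIP so a failover keeps the same public endpoint.
local 22.214.171.124
# "Our internal OpenVPN is 10.0.90.0/24": the tunnel network clients get.
server 10.0.90.0 255.255.255.0
ca   /path/to/ca.crt       # assumption
cert /path/to/server.crt   # assumption
key  /path/to/server.key   # assumption
dh   /path/to/dh.pem       # assumption

# Variant A: full tunnel. This is what the "Force all client-generated
# IPv4 traffic through the tunnel" checkbox pushes: every client packet,
# Internet traffic included, enters the tunnel, so a browser check shows
# the firewall's public address.
push "redirect-gateway def1"

# Variant B: split tunnel (checkbox off, LAN listed in "IPv4 Local
# network(s)"). Only the LAN subnet is routed into the tunnel; everything
# else leaves the client's normal gateway. Replace the line above with:
# push "route 18.104.22.168 255.255.255.0"

# In BOTH variants the LAN server must be able to send replies back to
# 10.0.90.0/24, otherwise pings time out exactly as in the thread. Pick one:
#
# 1. Outbound NAT (what the asker configured), so the server only ever sees
#    the public translation address. Assumed pf.conf equivalent of the GUI
#    rule, applied on the interface facing the server ($lan_if):
#    nat on $lan_if from 10.0.90.0/24 to 18.104.22.168/24 -> 220.127.116.11
#
# 2. No NAT (what the last reply suggests): give the server a host/network
#    route for the tunnel subnet via the firewall's LAN address, e.g. on
#    a Linux host:  ip route add 10.0.90.0/24 via <PFSENSE_LAN_IP>
#    The server then sees the real 10.0.90.x client address in its logs.
```

Without one of the two reply-path options, the pushed route only gets packets to the server; the server's answers have nowhere to go.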