Netgate Discussion Forum

NAT network over OpenVPN

    alex19damian
    last edited by Apr 16, 2020, 1:47 AM

    Hello, I would appreciate a hand to get unblocked.
    Request:
    Build a vpn server behind a firewall with a single interface connected to the lan. Clients through the vpn will connect to this lan as well as to external ones.
    Stage:
    WAN pfsense: class C IP assigned
    IPv4 Tunnel Network: class C / 23 range

    To avoid conflict between the clients' local network and the destination network, I need to NAT the whole network; for example, to reach the resource on IP 192.168.0.56 the client points to 172.16.8.56.
    I saw the use of 1:1 NAT but I can't get it to work like this:
    Interface: VPN (interface added in Interfaces > add ovpns)
    External subnet IP: 172.16.8.0
    Internal IP: 192.168.0.0/24

    In case you are asking something repeated, I appreciate leaving the link and I close the question.

      JKnott @alex19damian
      last edited by Apr 16, 2020, 2:55 AM

      @alex19damian

      Is there some reason you can't change the network address of one site? That's what I did here, when I found I was getting conflicts with my VPN. It's easy enough to do.

      Also, address classes have been obsolete for years. These days you just use an appropriate subnet size.

      Did you really mean /23? A C subnet would be a /24.

      This is an example of the nonsense we have to put up with, by sticking with IPv4. The proper solution is to move to IPv6.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

        alex19damian @JKnott
        last edited by alex19damian Apr 16, 2020, 12:17 PM Apr 16, 2020, 4:01 AM

        @JKnott
        A small detail: it is a client requirement.
        The network redesign isn't an option for now.
        Thanks for the reply.

          viragomann @alex19damian
          last edited by Apr 16, 2020, 6:57 PM

          @alex19damian said in NAT network over OpenVPN:

          I saw the use of 1:1 NAT but I can't get it to work like this:
          Interface: VPN (interface added in Interfaces > add ovpns)
          External subnet IP: 172.16.8.0
          Internal IP: 192.168.0.0/24

          Did you also push the route for 172.16.8.0/24 to the client?

          However, to be honest, I've never done such a crap setup. Changing the network range will be the better way to go.

            alex19damian
            last edited by Apr 23, 2020, 3:44 PM

            Well, after other issues that were blocking the project, NAT worked for me as I described above:
            Interface: VPN (interface added in Interfaces > add ovpns)
            External subnet IP: 172.16.8.0
            Internal IP: 192.168.0.0/24
            I am noting it here in case someone comes across the post and finds it useful.
            Thank you very much for the answers.

            1 Reply Last reply Reply Quote 0
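
The 1:1 mapping and the pushed route discussed in this thread, as an added example that is not part of any post: a Python check that translates a host to its alias, flags overlaps that would shadow the alias network, and builds the OpenVPN `push "route ..."` line. The /24 on the alias follows the route named in the thread; the tunnel network and client LAN below are constructed values, and the function names are hypothetical.

```python
import ipaddress

def translate(addr, internal, external):
    """Return the 1:1 NAT alias of an internal host (host bits are kept)."""
    inside = ipaddress.ip_network(internal)
    alias = ipaddress.ip_network(external)
    if inside.prefixlen != alias.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths on both sides")
    ip = ipaddress.ip_address(addr)
    if ip not in inside:
        raise ValueError(f"{ip} is not inside {inside}")
    host_bits = int(ip) & int(inside.hostmask)
    return ipaddress.ip_address(int(alias.network_address) | host_bits)

def plan_issues(internal, external, tunnel, client_lans):
    """List conflicts that would shadow or break the alias network."""
    inside = ipaddress.ip_network(internal)
    alias = ipaddress.ip_network(external)
    issues = []
    if inside.prefixlen != alias.prefixlen:
        issues.append(f"prefix mismatch: {inside} vs {alias}")
    # The alias must not collide with any network the client already routes.
    others = [("internal LAN", internal), ("tunnel network", tunnel)]
    others += [("client LAN", lan) for lan in client_lans]
    for label, net in others:
        net = ipaddress.ip_network(net)
        if alias.overlaps(net):
            issues.append(f"alias {alias} overlaps {label} {net}")
    return issues

def push_route(external):
    """OpenVPN server directive that sends the alias network to clients."""
    net = ipaddress.ip_network(external)
    return f'push "route {net.network_address} {net.netmask}"'

if __name__ == "__main__":
    INTERNAL, ALIAS = "192.168.0.0/24", "172.16.8.0/24"  # values from the thread
    TUNNEL = "10.8.0.0/23"            # constructed: the thread gives no tunnel address
    CLIENT_LANS = ["192.168.0.0/24"]  # constructed: client LAN colliding with the site LAN
    print(translate("192.168.0.56", INTERNAL, ALIAS))
    print(plan_issues(INTERNAL, ALIAS, TUNNEL, CLIENT_LANS) or "no conflicts")
    print(push_route(ALIAS))
```

A client LAN equal to the internal LAN is not reported, since that collision is exactly what the alias works around; only networks overlapping the alias itself are flagged.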