Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT network over OpenVPN

    OpenVPN
    3
    5
    532
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alex19damian
      last edited by

      Hello, I appreciate a hand with how to unlock me.
      Request:
      Build a vpn server behind a firewall with a single interface connected to the lan. Clients through the vpn will connect to this lan as well as to external ones.
      Stage:
      WAN pfsense: class C IP assigned
      IPv4 Tunnel Network: class C / 23 range

      To avoid conflict between clients local network and destination network, I need NAT the whole network, for example to reach the resource on ip 192.168.0.56 the client points to 172.16.8.56.
      I saw the use of NAT 1 to 1 but I can't get it to work like this:
      Interface: VPN (interface aded in interface> add ovpns)
      External subnet IP: 172.16.8.0
      Internal IP: 192.168.0.0/24

      In case you are asking something repeated, I appreciate leaving the link and I close the question.

      JKnottJ V 2 Replies Last reply Reply Quote 0
      • JKnottJ
        JKnott @alex19damian
        last edited by

        @alex19damian

        Is there some reason you can't change the network address of one site? That's what I did here, when I found I was getting conflicts with my VPN. It's easy enough to do.

        Also, address classes have been obsolete for years. These days you just use an appropriate subnet size.

        Did you really mean /23? a C subnet would be a /24

        This is an example of the nonsense we have to put up with, by sticking with IPv4. The proper solution is move to IPv6.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        A 1 Reply Last reply Reply Quote 1
        • A
          alex19damian @JKnott
          last edited by alex19damian

          @JKnott
          A small detail , is a client requirement.
          The network redesign isn’t an option for now.
          Thanks for the reply

          1 Reply Last reply Reply Quote 0
          • V
            viragomann @alex19damian
            last edited by

            @alex19damian said in NAT network over OpenVPN:

            I saw the use of NAT 1 to 1 but I can't get it to work like this:
            Interface: VPN (interface aded in interface> add ovpns)
            External subnet IP: 172.16.8.0
            Internal IP: 192.168.0.0/24

            Did you also push the route for 172.16.8.0/24 to the client?

            However, to be honest, I've never done such a crap set up. Change the network range will be the better way to go.

            1 Reply Last reply Reply Quote 1
            • A
              alex19damian
              last edited by

              Well, after other issues that were blocking the project, nat for me worked as I described above:
              nterface: VPN (interface aded in interface> add ovpns)
              External subnet IP: 172.16.8.0
              Internal IP: 192.168.0.0/24
              I comment it in case someone comes across the post and it serves.
              Thank you very much for the answers.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.