NAT network over OpenVPN
-
Hello, I appreciate a hand with how to unlock me.
Request:
Build a vpn server behind a firewall with a single interface connected to the lan. Clients through the vpn will connect to this lan as well as to external ones.
Stage:
WAN pfsense: class C IP assigned
IPv4 Tunnel Network: class C / 23 rangeTo avoid conflict between clients local network and destination network, I need NAT the whole network, for example to reach the resource on ip 192.168.0.56 the client points to 172.16.8.56.
I saw the use of NAT 1 to 1 but I can't get it to work like this:
Interface: VPN (interface aded in interface> add ovpns)
External subnet IP: 172.16.8.0
Internal IP: 192.168.0.0/24In case you are asking something repeated, I appreciate leaving the link and I close the question.
-
Is there some reason you can't change the network address of one site? That's what I did here, when I found I was getting conflicts with my VPN. It's easy enough to do.
Also, address classes have been obsolete for years. These days you just use an appropriate subnet size.
Did you really mean /23? a C subnet would be a /24
This is an example of the nonsense we have to put up with, by sticking with IPv4. The proper solution is move to IPv6.
-
@JKnott
A small detail , is a client requirement.
The network redesign isn’t an option for now.
Thanks for the reply -
@alex19damian said in NAT network over OpenVPN:
I saw the use of NAT 1 to 1 but I can't get it to work like this:
Interface: VPN (interface aded in interface> add ovpns)
External subnet IP: 172.16.8.0
Internal IP: 192.168.0.0/24Did you also push the route for 172.16.8.0/24 to the client?
However, to be honest, I've never done such a crap set up. Change the network range will be the better way to go.
-
Well, after other issues that were blocking the project, nat for me worked as I described above:
nterface: VPN (interface aded in interface> add ovpns)
External subnet IP: 172.16.8.0
Internal IP: 192.168.0.0/24
I comment it in case someone comes across the post and it serves.
Thank you very much for the answers.