[SOLVED] Turn off NAT on OpenVPN client interface?

gertty · Jul 12, 2020, 4:57 PM

I'm currently using Hybrid Outbound NAT on a pfSense box. I have one physical WAN interface, one LAN interface with several VLANs, and an OpenVPN client to a VPN service that I route some traffic over instead of the WAN.

I would like to setup another VPN client to my own VPS and turn off NAT for just this one ovpnc interface. I'll have static routes on the VPS side so it knows how to reach the subnets on the LAN side of pfSense. I can't figure how to turn off NAT just for the one OVPN client interface.

gertty · Jul 12, 2020, 4:58 PM

...of course the morning after I posted this, I had another idea on a place to check.

In Hybrid Outbound NAT mode, it looks like adding a rule that matches the interface I want to exclude and then checking the "Do not NAT" option for that rule works as you might expect.

Before posting, I was looking for some list of interfaces that were NAT'd or some per-interface firewall rule to disable. Since Hybrid Outbound NAT works so well, I forget it is there and that I can modify the ruleset. I've even used it before to make the local NAT port static for a particular device