TAP Interface 1:1 NAT How to ?????



  • Hi All.

    I'm trying to find a solution to this dilemma.

    We have several clients with existing networks that we would like to offer secure services from our collocation. So far we have been doing using IPSec on have changed the ip schema of our clients to resolv IP conflicts.

    We now have several large clients sites that need access to these services, but there ip schema conflict with existing ipsec connection we have.

    I'm hopping openVPN can solve this issue. I setup the server with PKI and can connect with a windows client and get access to the services.
    I've configured a test PFsense box to use as a client and can connect to the mail firewall. I can ping my hosted servers from pfsense, but not from any of the lan clients.

    here's the setup I have :

    hosted lan 172.16.123.0/24 –- pfsense---> 216.n.n.n.n----> internet <------- 74.1.1.1 <------ pfsense ---- lan 192.168.1.0/24
                                                      ---->ipsec------------------------------------------------/                                                   
                                                       
                                                       
                                                          \ ----> openVPN---->internet <--------74.1.1.5 <------pfsense -----lan 192.168.1.1/24

    1- can this be done ?
    2 - I found this howto but I have no clue how to do this with two pFsense firewalls can someone help ?

    http://nimlabs.org/~nim/dirtynat.html

    thanks in advance

    Hugues


Log in to reply