Netgate Discussion Forum

    Outbound NAT interface setting VPN provider via OpenVPN client for some of my traffic.

    • lightningbit

      Hi,

      I've a question regarding Outbound NAT when using a VPN provider via OpenVPN for SOME of my traffic.

      Here is my setup in summary :

      I have the following "interfaces" defined :

      [interface name - network port : network]
      WAN - eth0 : DHCP from provider1
      LAN - eth1 : 10.10.2.0/24
      OIF_DMZ - eth2 (opt1) : 10.13.6.0/24
      OIF_GUEST - eth3 (opt2) : 10.12.4.0/24
      WAN2 - eth5 (opt4) : DHCP from provider2
      VPN_OVPNA - ovpnc4 (labelled "VPN_ASU"): DHCP from PIA

      in the future, some VLANs on a trunk interface (eth4)

      As you can see above, I already created a VPN client.
      the VPN client will go out over WAN or WAN2 (so this will change a few times)
      It also created a new gateway automatically "VPN_OVPNA_VPN4"

      The goal is to route traffic for some(!) static hosts in LAN or DMZ out over the VPN_OVPNA interface
      (and in the future, route the traffic from a whole VLAN out over VPN)
      but my main traffic will still go out via WAN by default (so that will remain the default route)

      Outbound NAT mode is set to manual
      I'm confused as to which interface to use with the creation of the outbound NAT rules :
      so I'm supposed to duplicate all existing NAT rules (for each of the above networks, including 127.0.0.0/8) for outbound NAT on the VPN
      the options I have, are of course all the interfaces listed above, and what seems to be a generic interface "OpenVPN"

      In the documentation of the VPN provider, I read that I've to configure "OpenVPN" for the interface.
      In other documentation I read that I've to configure my VPN "interface" (so in my case "VPN_OVPNA") for the interface.

      So what should I take for the interface for the outbound NAT creation?

      Any advice is appreciated

      • Bob.Dig @lightningbit

        @lightningbit said in [Outbound NAT interface setting VPN provider

        In other documentation I read that I've to configure my VPN "interface" (so in my case "VPN_OVPNA") for the interface.

        This. And as Source your "LANs", that will use it.

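An added example, not part of the thread and not pfSense's own code: a Python check that every source policy-routed to the VPN gateway also has a manual outbound NAT rule on the VPN interface, which is the pairing the answer above describes. The rule dictionaries are a constructed, simplified model (not pfSense's config format), and the host addresses 10.10.2.50 and 10.13.6.20 are assumptions.

```python
import ipaddress

# Constructed, simplified model of manual outbound NAT rules (not pfSense's
# config format). Interface names and networks are taken from the thread.
OUTBOUND_NAT = [
    {"interface": "WAN", "source": "10.10.2.0/24"},
    {"interface": "WAN", "source": "10.13.6.0/24"},
    {"interface": "WAN", "source": "10.12.4.0/24"},
    {"interface": "VPN_OVPNA", "source": "10.10.2.0/24"},
]

# Constructed policy-routing rules: which sources are sent to which gateway.
# The host addresses are hypothetical stand-ins for "some static hosts".
POLICY_ROUTES = [
    {"source": "10.10.2.50/32", "gateway": "VPN_OVPNA_VPN4"},
    {"source": "10.13.6.20/32", "gateway": "VPN_OVPNA_VPN4"},
]

# Gateway name -> interface the traffic leaves through (names from the thread).
GATEWAY_IFACE = {"VPN_OVPNA_VPN4": "VPN_OVPNA"}


def nat_sources(rules, interface):
    """Networks that have an outbound NAT rule on the given interface."""
    return [ipaddress.ip_network(r["source"]) for r in rules
            if r["interface"] == interface]


def uncovered_routes(policy_routes, nat_rules, gateway_iface):
    """Return (source, interface) pairs routed out an interface with no NAT rule."""
    missing = []
    for route in policy_routes:
        iface = gateway_iface[route["gateway"]]
        src = ipaddress.ip_network(route["source"])
        covered = any(src.subnet_of(net) for net in nat_sources(nat_rules, iface))
        if not covered:
            missing.append((route["source"], iface))
    return missing


if __name__ == "__main__":
    for source, iface in uncovered_routes(POLICY_ROUTES, OUTBOUND_NAT, GATEWAY_IFACE):
        print(f"{source} is routed via {iface} but has no outbound NAT rule there")
```

With the sample data, the DMZ host is flagged because only the LAN network has a rule on VPN_OVPNA.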
        • lightningbit @Bob.Dig

          @bob-dig said in Outbound NAT interface setting VPN provider via OpenVPN client for some of my traffic.:

          @lightningbit said in [Outbound NAT interface setting VPN provider

          In other documentation I read that I've to configure my VPN "interface" (so in my case "VPN_OVPNA") for the interface.

          This. And as Source your "LANs", that will use it.

          Thanks, I will go that way.

          • lightningbit

            Strange, since I've completed this setup :

            • adding the outbound NAT for the VPN
            • creating the gateway
            • add a dynamic dns entry for the VPN "wan" interface

            some process or something kicked in, because now I get a mail every 15 minutes with in the subject :

            Arpwatch Notification : Cron <root@aureliusgate01> /etc/rc.filter_configure_sync
            

            and the following content in the mail body :

            X-Cron-Env: <SHELL=/bin/sh>
            X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin>
            X-Cron-Env: <HOME=/root>
            X-Cron-Env: <LOGNAME=root>
            X-Cron-Env: <USER=root>
            
            0 addresses deleted.
            0 addresses deleted.
            

            I know this is the cron line with the schedule

            0,15,30,45 	* 	* 	* 	* 	root 	/etc/rc.filter_configure_sync
            

            but I didn't add it or activate it, so it was there already, so I wonder why it now is "active" or sending these mails?
