Outbound rule for openvpn needed?
-
Hello,
First post here.
I configured an SSL OpenVPN connection to remote multihomed clients in a production environment, but for various reasons I am unable to use the Netgate as a default gateway on any of the remote clients, or make any changes to their IP configurations. Basically, they need to have their default gateway on a separate subnet.
I have an SG-1100, set up like so:
172.16.0.0/24 as the LAN network
172.16.10.0/24 as the VPN pool
I can connect to the VPN server remotely and ping the LAN interface, but am unable to get replies back from anything on that same 172.16.0.0/24 subnet. Wireshark shows the echo requests hitting the remote servers, but no response is sent from there.
On test stacks, I have added the netgate as a gateway on the remote clients and confirmed that layer 3 works this way, just does not when there is no gateway present.
I am fairly sure this can be resolved with an outbound NAT rule, but so far I have not had any luck with adding rules. I am not new to networking, but new to pfsense.
Anyone got any ideas on this? Let me know if you need any more details or have any ideas, and thank you in advance for any help.
-
@higuys hello
So the pfSense box is NOT the default gateway in the LAN, I guess? If so, yes, you can solve it by an outbound NAT rule, but this is a hack indeed. It leads the LAN devices to believe that the access is coming from inside the LAN.
If the VPN is for your own purposes only there are no concerns.
-
@viragomann yup, understood.
I figured out the NAT rule on the UI, was just looking at it the wrong way previously.
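The outbound NAT rule discussed in this thread, written out in pf syntax as an added example (not the configuration pfSense generated for the poster). The LAN interface name is an assumed placeholder; the subnets are the ones from the post.

```pf
# Added example, not from the thread. lan_if is a placeholder: replace it
# with the SG-1100's real LAN interface name.
lan_if   = "vtnet0"
lan_net  = "172.16.0.0/24"    # LAN network from the post
vpn_pool = "172.16.10.0/24"   # OpenVPN tunnel pool from the post

# Rewrite the source of VPN-client traffic leaving the LAN interface toward
# LAN hosts to the LAN interface's own address. LAN hosts that have no route
# back to 172.16.10.0/24 then reply to pfSense, which holds the NAT state,
# instead of sending the reply to their own default gateway and losing it.
nat on $lan_if inet from $vpn_pool to $lan_net -> ($lan_if)
```

To confirm the rule is in effect, a packet capture on the LAN interface should now show the echo requests arriving at LAN hosts with the LAN interface address as source, and replies coming back to it. The trade-off the reply above calls a hack is visible in the same capture: LAN hosts' logs record pfSense's address rather than the VPN client's, so per-client attribution has to come from the OpenVPN and state logs on pfSense itself.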