Netgate Discussion Forum

    NAT problem when openvpn connection from inside the LAN is made.

      Doe.John

      Hi!

      First of all, great product. I installed pfSense on an ALIX board to serve as a VDSL (50mbit/10mbit) router and so far it works great. There's only one thing I can't get my head around. I already asked this on #pfsense (thanks again, Valen); maybe somebody here knows a way.

      Setup:
      pfSense 1.2.2 embedded (192.168.0.1) connects via PPPoE on vr1.
      Ubuntu server (192.168.0.2) is connected to pfSense via vr0.
      Ubuntu client (192.168.0.10) is connected to pfSense via ath0.
      Windows client (192.168.0.20) is connected via a virtual machine on the Ubuntu server.
      The Ubuntu server has an SSH and an Apache server that serve the world via NAT. Everything is working fine this way.

      Now, in addition to that, I want to establish a VPN connection from the Ubuntu server (192.168.0.2) to a server on the internet. This is also working fine via OpenVPN installed and running on the Ubuntu server. What is not working is the NAT. Neither the SSH server nor Apache is responding anymore. Both Apache and the SSH server are still working when the connection is established from the Ubuntu client within the LAN, though.

      Curious whether this is a Linux routing problem, I started Windows XP in a virtual machine and tested the same scenario. Result: telnet was not going through to the XP client after I established the VPN connection; before, it was. Tested and confirmed.

      So, any ideas why pfsense is obviously not routing the packages coming from the NAT to the client, when a vpn connection is made, but does so for a connection from the LAN?

      Bottom line: outgoing traffic from the Ubuntu server should take the VPN connection; incoming connections from LAN or WAN should take the "normal route".

      Thanks for any advice on this topic.

        GruensFroeschli

        Are you using the redirect dev1 option on this OpenVPN tunnel?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          Doe.John

          Here is the OpenVPN config file I'm using. So unless it is in some other file, I'd say no. ;)

          client
          dev tun
          remote xxx.xxx.xxx 1149
          proto udp
          tun-mtu 1500
          fragment 1300
          mssfix
          float
          reneg-sec 86400
          resolv-retry infinite
          nobind
          persist-key
          persist-tun
          route-method exe
          route-delay 2
          ca xxx.crt
          cert xxx.crt
          key xxx.key
          tls-auth xxx.key 1
          cipher AES-256-CBC
          comp-lzo
          verb 4
          ns-cert-type server
          auth-user-pass
          inactive 604800
          ping 5
          ping-restart 60
          