Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT problem when openvpn connection from inside the LAN is made.

    Scheduled Pinned Locked Moved NAT
    3 Posts 2 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Doe.John
      last edited by

      Hi!

      First of all, great product. I installed pfsense on an ALIX board to serve as a VDSL (50mbit/10mbit) router and so far it works great. There's only one thing I can't get my head around. I already asked this on #pfsense ( Thanks again Valen), maybe somebody here knows a way.

      Setup:
      pfsense 1.2.2  embedded (192.168.0.1) connects via PPOE on vr1.
      ubuntu server (192.168.0.2) is connected to pfsense via vr0.
      ubuntu client (192.168.0.10) is connected to pfsense via ath0
      Windows Client (192.168.0.20) is connected via Virtual Machine on the ubuntu server.
      The ubuntu server has a ssh and apache server that serve the world via NAT. Everything is working fine this way.

      Now, in addition to that I want to establish a VPN Connection from the ubuntu server (192.168.0.2) to a server on the internet. This is also working fine via openvpn installed and running on the ubuntu server. What is not working, is the NAT. Neither the ssh server nor the apache are responding anymore. Both the apache and the ssh server are still working when the connection is established from the ubuntu client within the LAN though.

      Curious whether this a linux routing problem I started Windows XP in Virtual Machine and tested the same scenario. Result: telnet was not going through to the XP client after I established the VPN Connection, before it was. Tested and confirmed.

      So, any ideas why pfsense is obviously not routing the packages coming from the NAT to the client, when a vpn connection is made, but does so for a connection from the LAN?

      Bottom Line: outgoing traffic from the ubuntu server should take the vpn connection, incoming connection from LAN or WAN should take the "normal route".

      Thanks for any advice on this topic.

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        Are you using the redirect dev1 option on this OpenVPN tunnel?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • D
          Doe.John
          last edited by

          Here is the openvpn config File I'm using. So unless it is in some other file, I'd say no.  ;)

          client
dev tun
remote xxx.xxx.xxx 1149
proto udp
tun-mtu 1500
fragment 1300
mssfix
float
reneg-sec 86400
resolv-retry infinite
nobind
persist-key
persist-tun
route-method exe
route-delay 2
ca xxx.crt
cert xxx.crt
key xxx.key
tls-auth xxx.key 1
cipher AES-256-CBC
comp-lzo
verb 4
ns-cert-type server
auth-user-pass
inactive 604800
ping 5
ping-restart 60
          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.