1:1 nat
-
My Internet service provider gives me a block of 64 IPv4. How can host a Wireguard VPN server and do 1:1 nat with Pfsense?
-
@erdeed Is the wireguard server pfsense itself or a server behind pfsense?
-
@michmoor I have a server (Proliant DL20 Gen11) and I was wondering if I can install Pfsense on it to host a Wireguard VPN server and do 1:1 nat.
-
@erdeed pfSense can run wireguard and terminate remote clients without issue.
I assume as part of your /26 assignment, pfsense will get a public IP. If so you don't need a 1:1 NAT as there is nothing to NAT. -
@michmoor I have a block of 64 public IP. Can I nat each IP of this block to each clint connected to my server?
-
@erdeed Why would you need to NAT anything if pfsense is the wireguard server (it has the wireguard package installed) and clients connect to pfsense using the public IP given to you by your service provider.
-
@michmoor I see.
The idea by hosting my own VPN is to assign a specific IPv4 from my block to each client that is connected to my server with the wireguard, that way they have that public IP from the block my ISP give. Can achieve this with PFsense? -
@michmoor ??
-
@erdeed Do you want the devices to have public IPs directly? If not 1:1 will forward inbound traffic.
https://docs.netgate.com/pfsense/en/latest/recipes/route-public-ip-addresses.html
-
@SteveITS Thank you so much. Let me take a look at this article.