Any way to implement DNAT and SNAT?
What I need is a rule that looks like this:
TYPE  NET1            IFACE  NET2
SNAT  192.168.1.0/24  vpn    10.10.11.0/24
DNAT  10.10.11.0/24   vpn    192.168.1.0/24
This is to overcome a network duplication issue where the people VPNing into my network have the same subnet as my internal network.
Depends on the type of VPN. IPsec, no, not without a separate box to do NAT. OpenVPN yes.
Yes, I am using OpenVPN, so that is certainly good news! Do you happen to have a doc on how to achieve this? While I have found information on Google about doing this, it almost always involves using iptables to set it up correctly.
Only place I know of it being covered is in the book. http://pfsense.org/book
In short, assign your OpenVPN interfaces, then do NAT on them like any other interface. That's partially covered on the doc site; check the OpenVPN category at doc.pfsense.org.
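Added example, not part of the original posts and not pfSense code: a small Python model of what the SNAT/DNAT pair in the question does to packets on the vpn interface, so you can check the address plan before building the NAT rules. The tunnel client address 10.8.0.6 and the function names are assumptions made for illustration.

```python
import ipaddress

REAL_LAN = "192.168.1.0/24"    # internal network from the question
ALIAS_NET = "10.10.11.0/24"    # network the VPN users address instead


def remap(addr, from_net, to_net):
    """Move addr from from_net into to_net, keeping the host bits.

    Addresses outside from_net are returned unchanged (no rule match).
    """
    addr = ipaddress.ip_address(addr)
    from_net = ipaddress.ip_network(from_net)
    to_net = ipaddress.ip_network(to_net)
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("1:1 subnet mapping needs equal prefix lengths")
    if addr not in from_net:
        return str(addr)
    host_bits = int(addr) - int(from_net.network_address)
    return str(to_net.network_address + host_bits)


def translate(packet, direction):
    """Apply the two rules to a (src, dst) pair seen on the vpn interface.

    'in'  = arriving from a VPN user: DNAT row rewrites the destination.
    'out' = leaving toward a VPN user: SNAT row rewrites the source.
    """
    src, dst = packet
    if direction == "in":
        return (src, remap(dst, ALIAS_NET, REAL_LAN))
    if direction == "out":
        return (remap(src, REAL_LAN, ALIAS_NET), dst)
    raise ValueError("direction must be 'in' or 'out'")


if __name__ == "__main__":
    # Constructed sample: a VPN user (tunnel address 10.8.0.6) reaches the
    # internal host 192.168.1.50 by its alias 10.10.11.50.
    request = ("10.8.0.6", "10.10.11.50")
    print("request :", request, "->", translate(request, "in"))
    reply = ("192.168.1.50", "10.8.0.6")
    print("reply   :", reply, "->", translate(reply, "out"))
```

The VPN user only ever sees 10.10.11.x addresses, so the remote LAN's own 192.168.1.0/24 no longer collides with yours.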