Netgate Discussion Forum

    [SOLVED?]need help for openvpn with NAT ( Port Forward, 1:1 and AON)

      takilar

      my config with Pfsense 1.2.3-RELEASE :

                            Web
                             |
                          Router      16 IP = 80.xx.xx.1 - 80.xx.xx.4 ( sample )
                             |
                             | 192.168.0.254
                             |
                  +----------+----------+   192.168.0.1 ( Virtual IP )
                  |                     |
             192.168.0.2           192.168.0.3
               Pfsense               Pfsense      NAT ( Port Forward, 1:1 and AON)
                Main                 Backup       OPENVPN
              10.0.0.2              10.0.0.3
                  |                     |
                  +----------+----------+
                             | 10.0.0.1 ( virtual IP )
                             |
                            Lan

      NAT rule :
      80.xx.xx.1:5001 <=> 10.0.3.1:5000
      80.xx.xx.1:5002 <=> 10.0.3.2:5000
      80.xx.xx.1:5003 <=> 10.0.3.3:5000

      80.xx.xx.2 <=> 10.xx.xx.2
      80.xx.xx.3 <=> 10.xx.xx.3
      80.xx.xx.4 <=> 10.0.2.XX ( 80.xx.xx.4 is output for all 10.0.2.x workstation )

      If I put an OpenVPN client between the router and pfSense, I can connect to 192.168.0.1.
      If I try to connect to OpenVPN from the web and I try to connect to 80.xx.xx.x, I can see packets arrive in pfSense but nothing more…
      I tried many things, like creating an OpenVPN interface, etc.... nothing works.

      Could you help me?

        takilar

        I was not sure my question was very clear, so I will try to reformulate it:

        If my OpenVPN client is on the 192.168.0.* network, for example 192.168.0.50, I can connect to my OpenVPN server by using the 192.168.0.2 address.
        When my OpenVPN client is on the Internet (for example 111.222.xx.xx), obviously I cannot use the 192.168.0.2 address because it belongs to a private network. So I choose one of my 80.x.x.x addresses, for example 80.xx.xx.3 which is NATed to 10.xx.xx.3, but then the connection fails.

        Which address should I use?
        Can I use any address in my range (84.xx.xx.1-84.xx.xx.4)?
        Do I have to reserve an address for the OpenVPN server? How?
        Do I have to add a special configuration (adding an interface for example)?

        Thanks in advance

          takilar

          Hi,

          I found a solution to correct my problem, but it is a bit strange!

          To connect to OpenVPN using the address 80.xx.xx.3, I have added a port forward NAT:
          80.xx.xx.3:1194 -> 127.0.0.1:1194

          What do you think about this solution?
          Could security problems happen?

          Thx

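The NAT rules posted in this thread, run through a simplified translation model to show which inbound packets end up on the firewall itself (an added example, not code from the thread or from pfSense). It assumes port forwards are matched before 1:1 NAT; the 203.0.113.x and 10.0.9.x addresses are constructed stand-ins for the masked ones, and all function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple

class PortForward(NamedTuple):
    ext_ip: str
    ext_port: int
    target_ip: str
    target_port: int

class OneToOne(NamedTuple):
    ext_ip: str
    int_ip: str

# Constructed stand-ins: 203.0.113.x replaces the masked 80.xx.xx.x addresses,
# 10.0.9.x replaces the masked 10.xx.xx.x hosts.
PORT_FORWARDS = [
    PortForward("203.0.113.1", 5001, "10.0.3.1", 5000),
    PortForward("203.0.113.1", 5002, "10.0.3.2", 5000),
    PortForward("203.0.113.1", 5003, "10.0.3.3", 5000),
]
ONE_TO_ONE = [OneToOne("203.0.113.2", "10.0.9.2"),
              OneToOne("203.0.113.3", "10.0.9.3")]
# The forward added in the last post: external :1194 -> loopback :1194
OPENVPN_FORWARD = PortForward("203.0.113.3", 1194, "127.0.0.1", 1194)

def translate(dst_ip, dst_port, forwards, one_to_one):
    """Return the (ip, port) an inbound packet is rewritten to, or None."""
    for f in forwards:      # assumption: port forwards are matched first
        if (f.ext_ip, f.ext_port) == (dst_ip, dst_port):
            return (f.target_ip, f.target_port)
    for m in one_to_one:    # a 1:1 mapping covers every port of the address
        if m.ext_ip == dst_ip:
            return (m.int_ip, dst_port)
    return None             # no translation rule applies

def loopback_forwards(forwards):
    """Audit check: forwards that publish a service running on the firewall."""
    return [f for f in forwards
            if ipaddress.ip_address(f.target_ip).is_loopback]

if __name__ == "__main__":
    with_fix = PORT_FORWARDS + [OPENVPN_FORWARD]
    print("1194 without forward:", translate("203.0.113.3", 1194, PORT_FORWARDS, ONE_TO_ONE))
    print("1194 with forward:   ", translate("203.0.113.3", 1194, with_fix, ONE_TO_ONE))
    print("other ports still go:", translate("203.0.113.3", 22, with_fix, ONE_TO_ONE))
    print("firewall-local services exposed:", loopback_forwards(with_fix))
```

In this model the forward diverts only port 1194 on that one external address to the firewall; every other port on it still follows the 1:1 mapping, so the added exposure is the OpenVPN listener itself.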
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.