[SOLVED?] Need help for OpenVPN with NAT (Port Forward, 1:1 and AON)

  • My config with pfSense 1.2.3-RELEASE:

                    |           | 16 IP = 80.xx.xx.1 - 80.xx.xx.4 ( sample )
                    |           |
                    | ( Virtual IP ) |            |  
                Pfsense   Pfsense
             |           | |           |NAT ( Port Forward, 1:1 and AON)
             | Main    | | Backup |OPENVPN
             |           | |           |
    | || |              |
                          | ( virtual IP )

    NAT rule :
     80.xx.xx.1:5001 <=>              
     80.xx.xx.1:5002 <=>
     80.xx.xx.1:5003 <=>

    80.xx.xx.2 <=> 10.xx.xx.2
     80.xx.xx.3 <=> 10.xx.xx.3
     80.xx.xx.4 <=> 10.0.2.XX ( 80.xx.xx.4 is output for all 10.0.2.x workstation )

    If I put an OpenVPN client between the router and pfSense, I can be connected to
    If I try to connect to OpenVPN by web and I try to connect to 80.xx.xx.x, I can see packets arrive in pfSense but nothing more…
    I tried many things, like creating an OpenVPN interface etc. Nothing works.

    Could you help me?

  • I was not sure my question was very clear, so I will try to reformulate it:

    If my OpenVPN client is on the 192.168.0.* network, for example, I can connect to my OpenVPN server by using the address.
    When my OpenVPN client is on the Internet (for example 111.222.xx.xx), obviously I cannot use the address because it belongs to a private network. So I choose one of my 80.x.x.x addresses, for example 80.xx.xx.3 which is NATed to 10.xx.xx.3, but then the connection fails.

    Which address should I use?
    Can I use any address in my range (84.xx.xx.1-84.xx.xx.4)?
    Do I have to reserve an address for the OpenVPN server? How?
    Do I have to add a special configuration (adding an interface, for example)?

    Thanks in advance

  • Hi,

    I found a solution to correct my problem but it is a bit strange!

    To connect to OpenVPN using the address 80.xx.xx.3, I have added a port forward NAT:
    80.xx.xx.3:1194 ->

    What do you think about this solution?
    Could security problems happen?
