[SOLVED?] Need help for OpenVPN with NAT (Port Forward, 1:1 and AON)



  • My config with pfSense 1.2.3-RELEASE:

                       Web
                        |
                      Router        16 IP = 80.xx.xx.1 - 80.xx.xx.4 ( sample )
                        | 192.168.0.254
                        |
                        | 192.168.0.1 ( Virtual IP )
             +----------+----------+
             | 192.168.0.2         | 192.168.0.3
          pfSense               pfSense       NAT ( Port Forward, 1:1 and AON )
           Main                  Backup       OPENVPN
             | 10.0.0.2            | 10.0.0.3
             +----------+----------+
                        | 10.0.0.1 ( virtual IP )
                        |
                       Lan

    NAT rules:
    80.xx.xx.1:5001 <=> 10.0.3.1:5000
    80.xx.xx.1:5002 <=> 10.0.3.2:5000
    80.xx.xx.1:5003 <=> 10.0.3.3:5000

    80.xx.xx.2 <=> 10.xx.xx.2
    80.xx.xx.3 <=> 10.xx.xx.3
    80.xx.xx.4 <=> 10.0.2.XX ( 80.xx.xx.4 is output for all 10.0.2.x workstations )

    If I put an OpenVPN client between the router and pfSense, I can connect to 192.168.0.1.
    If I try to connect to OpenVPN from the web, using 80.xx.xx.x, I can see packets arrive at pfSense but nothing more…
    I tried many things, like creating an OpenVPN interface, etc. Nothing works.

    Could you help me?



  • I was not sure my question was very clear, so I will try to reformulate it:

    If my OpenVpn client is on the 192.168.0.* network, for example 192.168.0.50, I can connect to my OpenVpn server by using the 192.168.0.2 address.
    When my OpenVPN client is on the Internet (for example 111.222.xx.xx), obviously I cannot use the 192.168.0.2 address because it belongs to a private network. So I choose one of my 80.x.x.x addresses, for example 80.xx.xx.3, which is NATed to 10.xx.xx.3, but then the connection fails.

    Which address should I use?
    Can I use any address in my range (84.xx.xx.1-84.xx.xx.4)?
    Do I have to reserve an address for the OpenVPN server? How?
    Do I have to add a special configuration (adding an interface, for example)?

    Thanks in advance



  • Hi,

    I found a solution to correct my problem, but it is a bit strange!

    To connect to OpenVPN using the address 80.xx.xx.3, I have added a port forward NAT:
    80.xx.xx.3:1194 -> 127.0.0.1:1194

    What do you think about this solution?
    Could security problems happen?

    Thx
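
A simplified model of why the connection to the 1:1-mapped address failed and what the port forward changes, as an added example that is not part of the thread or of pfSense itself. It assumes a matching port forward is applied before a 1:1 mapping (as pfSense documents); the 203.0.113.x and 10.0.1.x addresses are constructed stand-ins for the masked ones, and `translate` and `firewall_exposure` are hypothetical helper names.

```python
# Simplified model of inbound NAT on the firewall's WAN side (added example).
# Assumption: a matching port forward wins over a 1:1 mapping.
# 203.0.113.x and 10.0.1.x are constructed stand-ins for the masked addresses.
from typing import NamedTuple

class PortForward(NamedTuple):
    ext_ip: str
    ext_port: int
    int_ip: str
    int_port: int

# 1:1 NAT: every port of the public address goes to one internal host.
ONE_TO_ONE = {"203.0.113.2": "10.0.1.2", "203.0.113.3": "10.0.1.3"}

# Port forwards from the first post (public address constructed).
PORT_FORWARDS = [
    PortForward("203.0.113.1", 5001, "10.0.3.1", 5000),
    PortForward("203.0.113.1", 5002, "10.0.3.2", 5000),
    PortForward("203.0.113.1", 5003, "10.0.3.3", 5000),
]

# The forward added in the last post: public :1194 -> firewall loopback :1194.
VPN_FORWARD = PortForward("203.0.113.3", 1194, "127.0.0.1", 1194)

def translate(dst_ip, dst_port, forwards, one_to_one):
    """Return the (ip, port) an inbound packet is delivered to."""
    for rule in forwards:
        if (rule.ext_ip, rule.ext_port) == (dst_ip, dst_port):
            return rule.int_ip, rule.int_port
    if dst_ip in one_to_one:
        return one_to_one[dst_ip], dst_port
    return dst_ip, dst_port  # no translation applies

def firewall_exposure(forwards):
    """Public (ip, port) pairs that end on the firewall's own loopback."""
    return [(r.ext_ip, r.ext_port) for r in forwards if r.int_ip.startswith("127.")]

if __name__ == "__main__":
    with_vpn = PORT_FORWARDS + [VPN_FORWARD]
    print("without forward:", translate("203.0.113.3", 1194, PORT_FORWARDS, ONE_TO_ONE))
    print("with forward:   ", translate("203.0.113.3", 1194, with_vpn, ONE_TO_ONE))
    print("other port:     ", translate("203.0.113.3", 443, with_vpn, ONE_TO_ONE))
    print("firewall ports exposed:", firewall_exposure(with_vpn))
```

In this model the forward hands only port 1194 of that address to the firewall itself; every other port still follows the 1:1 mapping to the internal host.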

