No access from lan
-
I have set up a client vpn and added "route 208.85.40.80 255.255.255.0 5.18.192.1;"
The route was added to my routing table, when I tracerouted from the pfsence console or web interface it correctly sent traffic out the 5.18.192.1 gateway.
traceroute to 208.85.40.80 (208.85.40.80), 64 hops max, 40 byte packets
1 5.18.192.1 (5.18.192.1) 167.806 ms 167.976 ms 168.025 ms
2 209.144.203.65 (209.144.203.65) 168.778 ms 169.311 ms 169.194 ms
3 comcast-net.lay.savvis.net (208.172.41.162) 171.222 ms 170.238 ms 170.947 ms
4 pos-2-13-0-0-cr01.sanjose.ca.ibone.comcast.net (68.86.86.205) 180.531 ms 180.335 ms 180.069 ms
5 68.86.87.146 (68.86.87.146) 181.419 ms 181.615 ms 181.563 ms
6 as40428-1.529bryant.ca.ibone.comcast.net (75.149.229.170) 190.405 ms 191.221 ms 179.421 ms
7 www.pandora.com (208.85.40.80) 178.692 ms 179.908 ms 179.058 msThe problem is when I try and traceroute from any of my internal subnets I get the following:
traceroute to 208.85.40.80 (208.85.40.80), 30 hops max, 60 byte packets
1 172.22.22.1 (172.22.22.1) 0.178 ms 0.166 ms 1.808 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
etc….....Any thoughts appreciated.
-
Enable manual outbound NAT and add a rule for WAN that covers the OpenVPN client networks/tunnel networks.
-
Hi still not working.
Outbound nat config:
Interface WAN
Protocol any
Source 5.0.0.0/8 (VPN Subnet)
Destination Any
Translation AnyIs this correct?
Thanks -
Bump
Still can't get this setup to work. I have been mucking around with the outbound NAT with no luck.
Could someone elaborate further on how to set this up.Thanks
lan 172.22.22.0/24
openvpn 5.0.0.0/8 -
All fixed Neil from 12vpn helped me out :
"The important thing is not to put the rule on the WAN interface, but on the OpenVPN interface instead.
If the VPN client is connected when you go to the NAT->Outbound rules you'll have the option to select WAN, LAN and OpenVPN."
BTW, source and destination can both be "any". As long as the interface is set to OpenVPN and the translation address is set to "Interface address".