Probably a basic question…



  • Hello,

    I wanted to know if pfSense could cover this use case:

    I need a firewall to connect to a remote VPN server as a client thus providing access to the LAN on the other side of the tunnel to the computers behind its LAN interface (over which it is the default gateway and DNS server/forwarder). If site-to-site is a must for this, is it possible to have the pfSense box use a private IP behind a NAT device for its WAN/tunnel interface? Thank you!


  • Rebel Alliance Developer Netgate

    You can do that either way. You can have it be site-to-site, or you can assign the OpenVPN interface as an opt interface and setup NAT rules so that when traffic leaves OpenVPN, it gets NAT applied to the OpenVPN client address, and as long as the remote end doesn't have a route back to your LAN, it should be just how you describe.


Log in to reply