    Advice for OpenVPN w/ Outgoing NAT

    • H
      Helix26404 last edited by

      To those of us who have multi-WAN interfaces that are using OpenVPN:

      If you are using outbound NAT to map certain subnets or computers/hosts to certain WAN gateways, you need to add an explicit firewall rule on the LAN interface to permit traffic from any source (or certain networks/hosts) on your LAN to the OpenVPN interface address and the remote network. A default rule "permit all" will NOT work because of the outbound NAT rules.

      For instance, in my scenario:

      172.16.10.0/24 - Local (Interface) LAN subnet
      172.16.20.0/24 - Local (VoIP) LAN subnet
      172.16.30.0/24 - Local (Data) LAN subnet

      Each of these subnets comes through ONE interface (the pfSense LAN interface).

      172.16.40.0/24 - pfSense OpenVPN interface network

      192.168.1.0/24 - Remote OpenVPN network

      See the attached image for working firewall rules.

      Hope this helps someone. I wish I would have known this before my experience!


      • H
        Helix26404 last edited by

        I couldn't figure out how to edit my post, but I had one more thing to say.

        The key to the firewall rules:

        • They have to come before your outgoing NAT rules (depicted in the picture).
        • You must choose "default" for the gateway, so that pfSense can access its internal route table to know where to forward the traffic. Otherwise, it will head out one of the WAN interfaces.
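A simplified model of the rule ordering described in the two posts above, as an added example that is not part of the original posts or of pfSense itself: LAN rules are evaluated first-match, and a rule with a specific gateway hands traffic to that gateway without consulting the routing table. The gateway names (`WAN1_GW`, `WAN2_GW`), the subnet-to-gateway mapping and the routing table are assumptions, since the attached image is not available.

```python
"""Simplified model of first-match rule evaluation on the pfSense LAN interface."""
from ipaddress import ip_address, ip_network

# Networks taken from the post.
LAN_NETS = ["172.16.10.0/24", "172.16.20.0/24", "172.16.30.0/24"]
VPN_NETS = ["172.16.40.0/24", "192.168.1.0/24"]  # OpenVPN interface net, remote net

# Assumed policy rules: gateway names and subnet-to-WAN mapping are hypothetical.
POLICY_RULES = [
    {"src": "172.16.10.0/24", "dst": "0.0.0.0/0", "gateway": "WAN1_GW"},
    {"src": "172.16.20.0/24", "dst": "0.0.0.0/0", "gateway": "WAN2_GW"},
    {"src": "172.16.30.0/24", "dst": "0.0.0.0/0", "gateway": "WAN1_GW"},
]
# The explicit rules the post calls for: LAN sources to the VPN networks, gateway "default".
VPN_RULES = [{"src": s, "dst": d, "gateway": "default"} for s in LAN_NETS for d in VPN_NETS]

# Assumed routing table, consulted only when the matching rule's gateway is "default".
ROUTES = {"172.16.40.0/24": "ovpn", "192.168.1.0/24": "ovpn", "0.0.0.0/0": "WAN1_GW"}

def route_lookup(dst):
    """Longest-prefix match in the modelled routing table."""
    nets = [ip_network(n) for n in ROUTES if ip_address(dst) in ip_network(n)]
    return ROUTES[str(max(nets, key=lambda n: n.prefixlen))]

def egress(rules, src, dst):
    """First matching rule wins; a non-default gateway bypasses the routing table."""
    for r in rules:
        if ip_address(src) in ip_network(r["src"]) and ip_address(dst) in ip_network(r["dst"]):
            return route_lookup(dst) if r["gateway"] == "default" else r["gateway"]
    return "blocked"  # no rule matched: implicit deny

def misrouted(rules):
    """(source net, VPN net, egress) for VPN-bound traffic that misses the tunnel."""
    bad = []
    for s in LAN_NETS:
        for d in VPN_NETS:
            # Use host .10 of each network as a constructed sample address.
            out = egress(rules, str(ip_network(s)[10]), str(ip_network(d)[10]))
            if out != "ovpn":
                bad.append((s, d, out))
    return bad

if __name__ == "__main__":
    print("policy rules first:", misrouted(POLICY_RULES + VPN_RULES))
    print("VPN rules first:   ", misrouted(VPN_RULES + POLICY_RULES))
```

With the policy rules first, every LAN-to-VPN flow leaves through a WAN gateway; with the explicit rules first, the list is empty and Internet-bound traffic still follows its assigned WAN.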
        • H
          HICHAMB last edited by

          Hello Helix26404,

          After 2 weeks of forum searches and config changes, I found your post, made the change, and all works fine.

          Thank you very much Helix26404, maybe your post must be introduced to the main pfsense-openvpn tutorials.

          HICHAMB
