    Client > pfsense WAN <nat>> Opt1 > OpenVPN client

      bachi last edited by

      Hello pfsense world. :)

      I have pfsense 1.2.3 as my internet gateway. I have WAN, LAN and OPT1 interfaces. OPT1 is for OpenVPN. When I forward a port in NAT pointing to a device which is sitting on the LAN network, pfsense works fine, and external clients can access resources on that device.

      The problem is, when I want to forward a port to an OpenVPN client, after applying settings, nothing happens.

      What am I doing wrong?

      Here is my NAT table:

      10.10.10.33 is the IP address of one OpenVPN client connected to the OpenVPN server.

      Thanks in advance

        GruensFroeschli last edited by

        Are you forcing all traffic of the client to go through the VPN tunnel?
        Unless you do, this is what is probably happening:

        • External users connect to your pfSense.
        • Packets are forwarded to your OpenVPN client.
        • Since the source is a public IP, and you're not forcing everything through the tunnel, the client answers directly via its default gateway.

        To solve this:

        • Force all traffic from the OpenVPN client into the tunnel (redir def1)
        • Source NAT on the pfSense so it seems to the OpenVPN client that the requests come from the pfSense and answers correctly.
          bachi last edited by

          @GruensFroeschli:

          Are you forcing all traffic of the client to go through the VPN tunnel?

          No.

          • External users connect to your pfSense.
          • Packets are forwarded to your OpenVPN client.
          • Since the source is a public IP, and you're not forcing everything through the tunnel, the client answers directly via its default gateway.

          It seems so, now I understand why it does not work, and thanks for that.

          • Source NAT on the pfSense so it seems to the OpenVPN client that the requests come from the pfSense and answers correctly.

          How do I do that? Firewall / NAT / Outbound? What should I do with the Automatic outbound rule? Leave it that way or change to manual? What should I enter in the outbound rules to make sure that my LAN subnet won't be cut off from the Internet?

            GruensFroeschli last edited by

            Enable manual outbound rule generation.

            Per default there will be an auto-generated rule to NAT outbound traffic from the LAN to the WAN.
            You need to create a new rule with:
            interface: openVPN-interface
            source: any
            destination: server you NAT to

              bachi last edited by

              10x, I will try that and let you know if it works or not. :D

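The asymmetric reply path described in the answers above, and the effect of each of the two suggested fixes, as an added example that is not part of the original thread. It models the OpenVPN client's routing table with a longest-prefix match; only 10.10.10.33 comes from the thread, while the other addresses, the interface names `tun0` and `local-gw`, and all function names are assumptions.

```python
import ipaddress

# Only 10.10.10.33 comes from the thread; the other addresses are constructed.
CLIENT_VPN_IP = ipaddress.ip_address("10.10.10.33")
PFSENSE_VPN_IP = ipaddress.ip_address("10.10.10.1")   # assumed pfSense tunnel address
EXTERNAL_USER = ipaddress.ip_address("198.51.100.7")  # documentation range (RFC 5737)


def client_routes(redirect_gateway_def1=False):
    """Routing table of the OpenVPN client as (network, egress interface) pairs."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), "local-gw"),  # client's own default gateway
        (ipaddress.ip_network("10.10.10.0/24"), "tun0"),  # VPN subnet
    ]
    if redirect_gateway_def1:
        # def1 overrides the default route with two /1 routes instead of deleting it.
        routes.append((ipaddress.ip_network("0.0.0.0/1"), "tun0"))
        routes.append((ipaddress.ip_network("128.0.0.0/1"), "tun0"))
    return routes


def egress(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    matching = [(net, ifname) for net, ifname in routes if dst in net]
    return max(matching, key=lambda r: r[0].prefixlen)[1]


def forwarded_connection(source_nat=False, redirect_gateway_def1=False):
    """Trace the reply to one connection that pfSense port-forwards to the client."""
    # With outbound NAT on the OpenVPN interface, the client sees pfSense as the source.
    seen_src = PFSENSE_VPN_IP if source_nat else EXTERNAL_USER
    reply_if = egress(client_routes(redirect_gateway_def1), seen_src)
    return {
        "forwarded_to": str(CLIENT_VPN_IP),
        "client_sees_source": str(seen_src),
        "reply_leaves_via": reply_if,
        # Only a reply that re-enters pfSense through the tunnel matches the
        # state created by the port forward and gets translated back.
        "returns_through_pfsense": reply_if == "tun0",
    }


if __name__ == "__main__":
    for kwargs in ({}, {"source_nat": True}, {"redirect_gateway_def1": True}):
        print(kwargs or "no fix", "->", forwarded_connection(**kwargs))
```

With source NAT the client only sees pfSense's tunnel address, so access control and logging on the client can no longer distinguish external source addresses; with `redirect-gateway def1` the real source is preserved but all of the client's traffic goes through the tunnel.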