Manual outbound NAT of OpenVPN interface does not always work



  • I am currently testing pfsense's ability to maintain an OpenVPN client -> remote server connection and then to have it as its default gateway, with other machines on the LAN accessing the net through pfsense.

    In order for this to be usable, Manual Outbound NAT rule generation is enabled, and a rule has been created for the OpenVPN interface to translate packet source addresses to the OpenVPN interface address. With this, with a test machine on the same LAN as pfsense I can use the internet etc. However, in the OpenVPN server log, I can see the following errors about 3 times a minute:

    Sep 21 22:00:13 2011 us=994604 pfsense/<my public ip address>:10141 MULTI: bad source address from client [10.0.0.5], packet dropped
    

    Am I correct in thinking this should be impossible, as pfsense is instructed to rewrite the source address of all packets? 10.0.0.5 is the IP address of the test machine.

    pfsense: 2.0-RELEASE  (amd64) built on Tue Sep 13 17:05:32 EDT 2011.
    Running in: Virtual Box 4.1.2_Ubuntu r38459.

    Thanks for any help.


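One way to quantify the drops described in the post, as an added example that is not part of the original post: it parses OpenVPN server log lines in the quoted format and reports, per client and un-translated inner source address, how many packets were dropped and at what rate. The sample lines, the 203.0.113.7 peer address and the function name are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the log format quoted in the post; 203.0.113.7 is a
# documentation address standing in for the client's public IP.
SAMPLE_LOG = """\
Sep 21 22:00:13 2011 us=994604 pfsense/203.0.113.7:10141 MULTI: bad source address from client [10.0.0.5], packet dropped
Sep 21 22:00:31 2011 us=120044 pfsense/203.0.113.7:10141 MULTI: bad source address from client [10.0.0.5], packet dropped
Sep 21 22:00:52 2011 us=500310 pfsense/203.0.113.7:10141 MULTI: Learn: 10.8.0.6 -> pfsense/203.0.113.7:10141
Sep 21 22:01:13 2011 us=003911 pfsense/203.0.113.7:10141 MULTI: bad source address from client [10.0.0.5], packet dropped
"""

# timestamp, microseconds, <common name>/<peer>:<port>, then the drop message
DROP_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d \d{4}) us=\d+ "
    r"(?P<cn>[^/\s]+)/(?P<peer>\S+):(?P<port>\d+) "
    r"MULTI: bad source address from client \[(?P<src>[^\]]+)\], packet dropped"
)


def summarize_drops(log_text):
    """Return {(client_cn, inner_src): (drop_count, drops_per_minute)}."""
    counts, first, last = Counter(), {}, {}
    for line in log_text.splitlines():
        m = DROP_RE.match(line.strip())
        if not m:
            continue  # not a bad-source-address drop
        key = (m["cn"], m["src"])
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S %Y")
        counts[key] += 1
        first.setdefault(key, ts)
        last[key] = ts
    summary = {}
    for key, n in counts.items():
        # Treat windows shorter than a minute as one minute to avoid inflated rates.
        minutes = max((last[key] - first[key]).total_seconds() / 60, 1.0)
        summary[key] = (n, round(n / minutes, 2))
    return summary


if __name__ == "__main__":
    for (cn, src), (n, rate) in summarize_drops(SAMPLE_LOG).items():
        print(f"client={cn} leaked_src={src} drops={n} rate={rate}/min")
```

Each inner source address listed is one that reached the server without being rewritten to the tunnel address, so the output shows which LAN hosts bypass the outbound NAT rule and how often.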