[SOLVED] OpenVPN and NAT for same subnet

  • Hi guys,
    this is my first post and I'm trying to get out of a problem…

    I have a pfSense on an x86 machine that has 2 interfaces: one is on a PPPoE ADSL2+ modem connected to the internet and another to my LAN.

    The problem is when I want to connect to my home LAN using OpenVPN and the client is in the same subnet as my home LAN.

    I think I have to use some kind of Address Translation to... TRANSLATE my home network subnet to something different through the OpenVPN interface.

    For example, to remotely access my I have to type (on the client side) (or something like that)... that address is translated to the correct address at the server side.

    The configuration is intended to use road warrior... not a site-to-site.

    What do you suggest about that? With iptables I have some ideas, but the problem is interfacing with pfSense and its capabilities.

    Thanks for support,

    (excuse my English....)

  • Simple, change your home LAN scope to something not used by typical SOHO routers.

  • Simple… but not elegant at all :D

    Is there any way to do that with pfSense NAT?

    I used to with iptables on Linux... never tried on a BSD system.

    Thanks for the reply

  • On my network I've done this with a 1:1 NAT rule (I'm using pfSense 2.0).  If your home network is and your VPN network is and you wanted to translate your home network to for access by the connected system, add a 1:1 NAT rule on OpenVPN interface with external subnet IP, internal subnet (labeled internal IP), and destination

    For this example, in your OpenVPN server configuration, add this to advanced (replace the subnet with the actual subnet you choose to use for the translation):
    push "route";

    With this configuration, would be reachable at, for example.  Depending on where you will be using the VPN, you may want to make sure those two subnets for the VPN are sufficiently unique that you would be unlikely to encounter them elsewhere.  In my case, I made up two random numbers for the second and third group in the subnet IP then used a subnet next to it for the translation subnet.
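
The 1:1 mapping described in the reply above, as an added example that is not part of the original thread: it shows how the prefix is swapped while host bits are kept, and why pushing the translated subnet avoids the overlap with the client's own LAN. All subnets are constructed sample values (the thread's real ones are not shown), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values: the thread's actual subnets are not shown on the page.
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")    # real LAN behind pfSense (1:1 NAT "internal")
TRANSLATED = ipaddress.ip_network("10.87.142.0/24")  # alias pushed to clients (1:1 NAT "external")
TUNNEL = ipaddress.ip_network("10.87.141.0/24")      # OpenVPN tunnel network


def map_1to1(addr, src_net, dst_net):
    """Translate addr from src_net to dst_net: swap the prefix, keep the host bits."""
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 NAT needs subnets of equal size")
    if addr not in src_net:
        raise ValueError(f"{addr} is outside {src_net}; the rule would not match")
    offset = int(addr) - int(src_net.network_address)
    return dst_net.network_address + offset


def conflicts(client_lan, vpn_side_nets):
    """Return the VPN-side networks that overlap the client's own LAN."""
    client_lan = ipaddress.ip_network(client_lan)
    return [n for n in vpn_side_nets if n.overlaps(client_lan)]


if __name__ == "__main__":
    client_lan = "192.168.1.0/24"  # road warrior sitting on the same subnet as home
    # Pushing the real LAN collides with the client's local network.
    print("route to real LAN conflicts:", conflicts(client_lan, [HOME_LAN, TUNNEL]))
    # Pushing the translated alias does not.
    print("route to alias conflicts:   ", conflicts(client_lan, [TRANSLATED, TUNNEL]))
    # The client dials the alias; the 1:1 rule rewrites it to the real host.
    print("client dials 10.87.142.50 ->", map_1to1("10.87.142.50", TRANSLATED, HOME_LAN))
    # Replies from the LAN host are rewritten back to the alias.
    print("reply from 192.168.1.50   ->", map_1to1("192.168.1.50", HOME_LAN, TRANSLATED))
```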

  • Thanks…
    That was so simple... on iptables I had to do some acrobatic things with NETMAP and so on...

    Thank you again for the help