4. Simple OpenVPN NAT question

Simple OpenVPN NAT question

  • J

    Hi all,

    I have two OpenVPN clients VPN'd into a server at HQ:

    Site A - 172.16.20.0/24
    Site B - 172.16.30.0/24

    HQ can ping both sites and both sites can ping each other so the VPN is all good.

    However, I need to apply some outbound NAT so that HQ can reach both Site A and Site B on a new translated IP range:

    192.168.20.0/24 for Site A
    192.168.30.0/24 for Site B

    It's been a while since i've played with pfSense and I did do this successfully some time back my lab setup but can't for the life of me remember how I did it!

    Any advice would be a real help.

    James

    0
  • Rebel Alliance Developer Netgate

    The NAT would have to be done on the client side. Put 1:1 NAT entries on the OpenVPN interface on the client routers, external subnet = your translated subnet, internal subnet = site a/b real LAN subnet

    0
  • J

    Thanks Jim, would I also need to add an iroute and 'route' for the translated subnet on the server that they are VPN'd into?

    0
  • Rebel Alliance Developer Netgate

    Yes, you'd route to the translated subnet

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy