Simple OpenVPN NAT question
-
Hi all,
I have two OpenVPN clients VPN'd into a server at HQ:
Site A - 172.16.20.0/24
Site B - 172.16.30.0/24HQ can ping both sites and both sites can ping each other so the VPN is all good.
However, I need to apply some outbound NAT so that HQ can reach both Site A and Site B on a new translated IP range:
192.168.20.0/24 for Site A
192.168.30.0/24 for Site BIt's been a while since i've played with pfSense and I did do this successfully some time back my lab setup but can't for the life of me remember how I did it!
Any advice would be a real help.
James
-
The NAT would have to be done on the client side. Put 1:1 NAT entries on the OpenVPN interface on the client routers, external subnet = your translated subnet, internal subnet = site a/b real LAN subnet
-
Thanks Jim, would I also need to add an iroute and 'route' for the translated subnet on the server that they are VPN'd into?
-
Yes, you'd route to the translated subnet
