How to NAT WAN public IP to OpenVPN client



  • Hello everybody,
    I have a TUN roadwarrior configuration; the server is pfSense and the client is Debian.
    pfSense has two real interfaces:
    LAN 192.168.3.0/24
    WAN with a public IP address XXX.XXX.XXX.XXX
    OVPN 192.168.77.0/24
    The only client that I have is 192.168.77.6
    On the client, the p-t-p is 192.168.77.5

    On pfSense the interface ovpns1 has inet address 192.168.77.1; to view this I used the command shell because the interface is not present in the GUI.

    ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::250:56ff:fe93:4bd5%ovpns1 prefixlen 64 scopeid 0x9
        inet 192.168.77.1 --> 192.168.77.2 netmask 0xffffffff
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        Opened by PID 13705

    I don't understand what 192.168.77.2 is....

    I have followed several tutorials and everything is working well between the OVPN client and the LAN.
    Now I would like to NAT the public IP of pfSense to the OVPN client, for example: XXX.XXX.XXX.XXX:22222->192.168.77.66:8088

    I added a rule in Firewall > NAT but it does not work.

    This is my route table:

    default            xxx.xxx.xxx.1   UGS  0  10519  1500   em0
    xxx.xxx.xxx.0/24   link#1          U    0  25030  1500   em0
    xxx.xxx.xxx.xxx    link#1          UHS  0  0      16384  lo0
    127.0.0.1          link#5          UH   0  169    16384  lo0
    192.168.3.0/24     link#2          U    0  109    1500   em1
    192.168.3.1        link#2          UHS  0  50063  16384  lo0
    192.168.77.0/24    192.168.77.2    UGS  0  673    1500   ovpns1
    192.168.77.1       link#9          UHS  0  0      16384  lo0
    192.168.77.2       link#9          UH   0  0      1500   ovpns1

    Any ideas?

    I have noticed that if I ping the client from the GUI (Diagnostics > Ping) it does not respond on both interfaces (LAN and WAN), but if I ping from the console it works. From a LAN machine it works.

    Last week I tried it with an IPsec VPN, and everything worked fine, including the NAT. But IPsec is computationally too heavy for my application, so I moved to OVPN.

    Have a nice evening,
    Diotta



  • Well, I resolved it with this post: http://forum.pfsense.org/index.php?topic=35445.0

    It works, but I have to assimilate the reason.

