How to NAT OpenVPN clients to BINATed IPSEC tunnel?



  • I'm not sure if it's NAT related … but it's involved here for sure.

    I have an IPsec tunnel where all of my network is NATed under my public IP and goes to the remote network (BINAT).

    I want OpenVPN clients that connect to me to also be NATed (able to go to the remote network) ... how do I do this?


  • Rebel Alliance Developer Netgate

    You would need an additional Phase 2 where the OpenVPN subnet is included in the "local network" (before NAT).



  • OK, but pfSense is not allowing me two Phase 2 entries with the same BINAT IP addresses for masq.
    I mean it does not allow both of them to be online, as in the screenshot:

    How do I include OpenVPN in the local network?

    Or do you mean setting up the OpenVPN clients with an address from the LAN?



  • So far I've just made OpenVPN a neighbor of the LAN (LAN - 30.0/24, OpenVPN 31.0/24), and for BINAT I used a 30.0/23 mask, so it is working.
    But I'm not sure if this is the right solution =)

