How to NAT OpenVPN clients to BINATed IPSEC tunnel?

warpil

I'm not sure if its NAT related … but its involved here for sure.

I have some ipsec tunnel, where all my network NATed under my public IP and goes to remote network (BINAT).

I want OpenVPN clients, that connects to me - also to be nat-ed (able to go to remote network) ... how to do this ?

jimp

You would need an additional Phase 2 where the OpenVPN subnet is included in the "local network" (before NAT)

warpil

Ok, but pFsense not allowing me 2 2nd phase with same BINAT ip addresses for masq.
I mean not allow to be both of them online, as on screenshot:

How i include openvpn to local network?

Or you mean - setup clients of OpenVPN with address of LAN ?

warpil

So far - i've just made openVPN as neighbor LAN (LAN - 30.0/24, openvpn 31.0/24), and for BINAT i used 30.0/23 mask - so it working.
But i'm not sure if this right solution =)