Netgate Discussion Forum
    NAT for OpenVPN

      dale

      Hi,

      I have a little problem.
      I'm setting up a pfSense with a management VLAN and OpenVPN to access it.

      I have it set up like this:
      LAN -> 10.0.0.1\24
      WAN -> ext ip
      MGMT -> 192.168.254.1\24
      OpenVPN -> 192.168.253.0\24

      The client connects to the VPN without any problems and gets the IP 192.168.253.6.

      Also there is a server (192.165.254.2) and a Cisco switch (192.168.254.3).

      I have correct access to the server but can't even ping the switch.
      From what I found, the switch replies only to addresses on the same subnet, and from the server logs I can see that the client connects with the 192.168.253.6 IP.

      Is it possible to NAT all OpenVPN traffic without forcing all traffic on the client to go via the VPN?

      BR Chris

        phil.davis

        I expect it would work. The NAT goes on the interface where the traffic is leaving pfSense, so put a NAT rule on LAN for traffic with a source address of 192.168.253.0/24 to NAT to LAN address. Then the traffic from OpenVPN clients to LAN should look like it comes from the pfSense LAN IP.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
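
The behaviour discussed in this thread, modelled as an added example (not code from either poster or from pfSense): a source-NAT rule only matches on the interface the packet leaves through, and a host with no route back to the VPN subnet answers only on-link sources. It assumes the switch sits on the MGMT subnet from the first post and has no gateway; the interface labels and function names are hypothetical.

```python
import ipaddress as ip

# Constructed model of the addressing in the first post; interface names are labels only.
IFACES = {
    "LAN": ip.ip_interface("10.0.0.1/24"),
    "MGMT": ip.ip_interface("192.168.254.1/24"),
}
VPN_NET = ip.ip_network("192.168.253.0/24")
CLIENT = "192.168.253.6"
SWITCH = "192.168.254.3/24"


def egress_iface(dst):
    """Name of the firewall interface whose connected subnet contains dst."""
    for name, iface in IFACES.items():
        if dst in iface.network:
            return name
    return None


def source_seen_by_host(src, dst, nat_rules):
    """Apply outbound NAT: a rule (interface, source_net) matches only on the
    interface the packet leaves through, and rewrites src to that interface's IP."""
    out = egress_iface(dst)
    for iface, src_net in nat_rules:
        if iface == out and src in src_net:
            return IFACES[iface].ip
    return src


def host_replies(host, seen_src, has_gateway):
    """Assumption: a host without a gateway answers only on-link sources."""
    return has_gateway or seen_src in host.network


def reachable(client, host, nat_rules, has_gateway=False):
    """True if the host can send a reply to the source address it sees."""
    host = ip.ip_interface(host)
    seen = source_seen_by_host(ip.ip_address(client), host.ip, nat_rules)
    return host_replies(host, seen, has_gateway)


if __name__ == "__main__":
    for label, rules in [("no NAT", []),
                         ("NAT on LAN", [("LAN", VPN_NET)]),
                         ("NAT on MGMT", [("MGMT", VPN_NET)])]:
        print(f"{label:12} switch reachable: {reachable(CLIENT, SWITCH, rules)}")
```

In this model the rule bound to LAN never matches traffic for 192.168.254.3, because that traffic leaves through MGMT.
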

          dale

          Thanks.

          Got this working finally.
          Made a mistake in the outbound rule and that's what caused the problem.

          BR Chris

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.