NAT for OpenVPN
I have a little problem.
I'm setting up a pfSense with a management VLAN and OpenVPN to access it.
I have it set up like this:
LAN -> 10.0.0.1/24
WAN -> ext ip
MGMT -> 192.168.254.1/24
OpenVPN -> 192.168.253.0/24
Client connects to VPN without any problems and gets an IP of 192.168.253.6.
Also there is a server (22.214.171.124) and a Cisco switch (192.168.254.3).
I have correct access to the server but can't even ping the switch.
From what I found, the switch replies only to addresses on the same subnet, and from the server logs I can see that the client connects with the 192.168.253.6 IP.
Is it possible to NAT all OpenVPN traffic without forcing all traffic on the client to go via VPN?
I expect it would work. The NAT goes on the interface where the traffic is leaving pfSense, so put a NAT rule on LAN for traffic with a source address of 192.168.253.0/24 to NAT to LAN address. Then the traffic from OpenVPN clients to LAN should look like it comes from the pfSense LAN IP.
Got this working finally.
Made a mistake in the outbound rule and that's what caused the problem.
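For reference, the setup discussed in this thread written out as configuration. This is an added example, not taken from any poster's firewall. It applies the "NAT on the interface where the traffic leaves pfSense" principle to the MGMT interface, since the switch in the question sits on 192.168.254.0/24. The interface name `em2` and the macro names are assumptions; pfSense generates the equivalent rules from Firewall > NAT > Outbound and from the OpenVPN server's local network setting.

```conf
# --- OpenVPN server side (split tunnel) --------------------------------
# Push only the management subnet to clients. Without a redirect-gateway
# directive, the client's other traffic keeps using its own default route.
push "route 192.168.254.0 255.255.255.0"

# --- pf outbound NAT (pf.conf syntax) ----------------------------------
mgmt_if  = "em2"               # assumed name of the MGMT interface
ovpn_net = "192.168.253.0/24"  # OpenVPN tunnel network from the thread
mgmt_net = "192.168.254.0/24"  # MGMT subnet from the thread

# Too broad: rewrites the source of every VPN packet leaving via MGMT,
# whatever its destination.
# nat on $mgmt_if inet from $ovpn_net to any -> ($mgmt_if)

# Scoped: translate only VPN-client traffic destined for the MGMT subnet.
# The switch then sees 192.168.254.1 (on its own subnet) as the source
# and can reply without needing a route back to 192.168.253.0/24.
nat on $mgmt_if inet from $ovpn_net to $mgmt_net -> ($mgmt_if)
```

With this NAT in place every VPN client appears to the switch as 192.168.254.1, so per-user attribution of management sessions has to come from the OpenVPN and pfSense logs rather than from the switch's own logs.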