NAT for OpenVPN



  • Hi,

    I have a little problem.
    I'm setting up a pfSense with a management VLAN and OpenVPN to access it.

    I have it set up like this:
    LAN -> 10.0.0.1/24
    WAN -> ext ip
    MGMT -> 192.168.254.1/24
    OpenVPN -> 192.168.253.0/24

    Client connects to VPN without any problems and gets an IP 192.168.253.6

    Also there is a server (192.165.254.2) and a Cisco switch (192.168.254.3)

    I have correct access to the server but can't even ping the switch.
    From what I found, the switch replies only to addresses on the same subnet, and from the server logs I can see that the client connects with the 192.168.253.6 IP.

    Is it possible to NAT all OpenVPN traffic without forcing all traffic on the client to go via VPN?

    BR Chris



  • I expect it would work. The NAT goes on the interface where the traffic is leaving pfSense, so put a NAT rule on LAN for traffic with a source address of 192.168.253.0/24 to NAT to LAN address. Then the traffic from OpenVPN clients to LAN should look like it comes from the pfSense LAN IP.



  • Thanks.

    Got this working finally.
    Made a mistake in the outbound rule and that's what caused the problem.

    BR Chris
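
The rule of thumb from the reply above (outbound NAT is applied on the interface where the traffic leaves pfSense), modelled in Python as an added example that is not part of the thread and not pfSense's own code. The interface table uses the thread's addressing; the switch is assumed to answer only sources inside its own /24, as the first post describes, and all function and class names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Addressing taken from the thread; everything else here is a constructed model.
INTERFACES = {
    "LAN": ipaddress.ip_interface("10.0.0.1/24"),
    "MGMT": ipaddress.ip_interface("192.168.254.1/24"),
}
VPN_NET = ipaddress.ip_network("192.168.253.0/24")


@dataclass(frozen=True)
class OutboundNat:
    interface: str                 # interface the packet leaves by
    source: ipaddress.IPv4Network  # source network to translate


def egress_interface(dst):
    """Pick the directly connected interface whose subnet contains dst."""
    for name, iface in INTERFACES.items():
        if dst in iface.network:
            return name
    raise LookupError(f"no connected route to {dst}")


def source_seen_by(dst, src, rules):
    """Return the source address the destination sees after outbound NAT."""
    out = egress_interface(dst)
    for rule in rules:
        # A rule only matches on its own interface, so one bound to a
        # different interface never touches this packet.
        if rule.interface == out and src in rule.source:
            return INTERFACES[out].ip  # translate to the interface address
    return src


def switch_replies(switch, seen_src):
    """Model of the switch in the first post: it answers on-subnet sources only."""
    return seen_src in switch.network


client = ipaddress.ip_address("192.168.253.6")
switch = ipaddress.ip_interface("192.168.254.3/24")
for label, rules in [("no NAT", []),
                     ("NAT on LAN", [OutboundNat("LAN", VPN_NET)]),
                     ("NAT on MGMT", [OutboundNat("MGMT", VPN_NET)])]:
    seen = source_seen_by(switch.ip, client, rules)
    print(f"{label:12} switch sees {seen}, replies: {switch_replies(switch, seen)}")
```

Only the rule bound to the interface facing the switch's subnet changes what the switch sees; the client's own routing table is untouched, so NAT here does not require sending all client traffic through the VPN.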

