Manual (AON) back to Automatic



  • Hello,

    When we set up our pfsense firewall for the first time, we had to use AON for connecting to a SIP provider. Now we do not have this issue, and since I have problems with OpenVPN (no internet connection when clients are connected to OpenVPN), I need to "revert" to the default automatic outbound NAT.
    What about the NAT rules that exist now (many)? If I switch to Automatic, will they be recreated?

    Best regards

    Kostas


  • Rebel Alliance Developer Netgate

    If you switch to automatic outbound NAT, your custom rules are then ignored. If NAT still works like you want while in automatic mode, you can then delete any rules on the outbound NAT screen.



  • Thank you.
    I do not need the -custom- AON rules anymore. I guess they won't be deleted? But what about the automatic rules, will they get recreated as if we had set the Automatic one?

    Best regards

    Kostas


  • Rebel Alliance Developer Netgate

    Any rules in the list are manual rules. The automatic rules are hidden and don't show there. If you leave the rules there, it won't hurt anything though.



  • OK. So I just set Automatic NAT and reboot. My main issue is that OpenVPN users do not have Internet access when connected, while users on other pfsense boxes with automatic Outbound NAT can.

    Best regards

    Kostas



  • Are you using the option to push all traffic over the tunnel for the VPN clients?

    If so, they're reaching your pfsense box, all their traffic is reaching the tunnel, and with manual outbound NAT you have to create an entry for the tunnel subnet to NAT out to the internet.

    Either create the NAT entry manually, or uncheck the box "Force all client generated traffic through the tunnel."
    It's in the settings for your OpenVPN server under 'Tunnel Settings'.
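
The check described in the reply above (in manual outbound NAT mode, is there an entry whose source covers the OpenVPN tunnel subnet?), as an added example that is not part of the thread and not pfSense's own code. The `config.xml` element names (`nat/outbound/mode`, `rule/interface`, `rule/source/network`, `rule/disabled`, `openvpn-server/tunnel_network`), the mode value `advanced` for manual mode, and the sample addresses are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample. Element names and the mode value "advanced" (manual
# outbound NAT) are assumptions about the config.xml layout, not from the thread.
SAMPLE_CONFIG = """<pfsense>
  <nat><outbound>
    <mode>advanced</mode>
    <rule>
      <interface>wan</interface>
      <source><network>192.168.1.0/24</network></source>
    </rule>
  </outbound></nat>
  <openvpn><openvpn-server>
    <tunnel_network>10.0.8.0/24</tunnel_network>
  </openvpn-server></openvpn>
</pfsense>"""


def uncovered_tunnels(config_xml, wan="wan"):
    """Return OpenVPN tunnel networks that no manual outbound NAT rule on
    `wan` covers; an empty list means no entry is missing."""
    root = ET.fromstring(config_xml)
    outbound = root.find("./nat/outbound")
    if outbound is None or outbound.findtext("mode", "automatic") != "advanced":
        return []  # not manual mode: the listed rules are not evaluated here
    sources = []
    for rule in outbound.findall("rule"):
        if rule.find("disabled") is not None or rule.findtext("interface") != wan:
            continue  # disabled rules and rules on other interfaces do not help
        text = (rule.findtext("source/network") or "").strip()
        try:
            cidr = "0.0.0.0/0" if text == "any" else text
            sources.append(ipaddress.ip_network(cidr, strict=False))
        except ValueError:
            continue  # alias name or empty source: cannot be evaluated offline
    missing = []
    for server in root.findall("./openvpn/openvpn-server"):
        text = (server.findtext("tunnel_network") or "").strip()
        if not text:
            continue
        tunnel = ipaddress.ip_network(text, strict=False)
        if not any(tunnel.version == s.version and tunnel.subnet_of(s) for s in sources):
            missing.append(str(tunnel))
    return missing


if __name__ == "__main__":
    for net in uncovered_tunnels(SAMPLE_CONFIG):
        print(f"no outbound NAT rule on WAN covers OpenVPN tunnel {net}")
```

Run it against a configuration backup; a tunnel network it reports is one for which a manual outbound NAT entry still has to be created.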



  • Thank you for your answer,

    The box "Force all client generated traffic through the tunnel." is unchecked.

    What is the correct form of the manual rule?

    Best regards

    Kostas



  • Do you have DNS servers entered in for the OpenVPN?



  • Yes, and it works at least for company machines name resolution for the road warriors.

    Best

    Kostas

