How can I see the Outbound NAT rules that are automatically created?

  • I have set up an OpenVPN-Server on pfSense and almost everything works fine except for the fact that Roadwarriors do not have access to the internet via the VPN-Tunnel. They can use my LAN-Resources but they cannot connect to any internet site, neither by names nor by ip-addresses (so it is no DNS problem).

    I have found out that this has to do with the Settings in Firewall > NAT > Outbound.

    When I choose "Automatic outbound NAT rule generation" it solves the issue and the connected OpenVPN-Clients can surf the Internet via the VPN-Tunnel.

    But for some reasons I have to use "Manual Outbound NAT rule generation". The problem is that I cannot figure out what rule I have to create that allows remotely connected OpenVPN-clients connected to my pfSense box to use my WAN connection in order to surf the internet.

    So my questions are:

    1. Is there a way I can see what rules are automatically created when "Automatic outbound NAT rule generation" is active?

    2. Or can you give me hints what rule(s) I have to create for outbound NAT to solve my problem?

    :) Seems that I just found it out myself: I added an outbound NAT-rule for the WAN interface with (this is my tunnel network) as source with the WAN Address as NAT Address and now my roadwarriors can surf through the tunnel. I am quite sure that I tested this rule a hundred times before without any success. But now it works. Very strange…

    For others that are curious, while you're on Automatic Outbound NAT, you can see the automatic rules using Diagnostics > Command:

    grep tonatsubnets /tmp/rules.debug

    On pfSense 2.2 the automatic rules are listed even when you're in automatic mode so that won't be necessary.
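
Added example, not part of the original thread: a small POSIX shell check that goes one step past the `grep` above and tells you whether a given tunnel network is in the automatic NAT list, which is the list a manual rule set has to reproduce. The sample file, its addresses and the exact layout of the `tonatsubnets` line are constructed assumptions; on a real box, pass `/tmp/rules.debug` and your own tunnel network instead.

```shell
#!/bin/sh
# Constructed sample in the style of the outbound NAT part of /tmp/rules.debug.
# Addresses are private/documentation ranges, not values from the thread.
write_sample() {
    cat > "$1" <<'EOF'
# Outbound NAT rules (automatic)
tonatsubnets = "{ 127.0.0.0/8 192.168.1.0/24 10.0.8.0/24 }"
nat on $WAN from $tonatsubnets to any -> 198.51.100.2/32 port 1024:65535
EOF
}

# Print every subnet listed in the tonatsubnets macro, one per line.
nat_subnets() {
    sed -n 's/^tonatsubnets[[:space:]]*=[[:space:]]*"{\(.*\)}".*/\1/p' "$1" |
        tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Exit 0 if the subnet (exact CIDR string) is in the automatic NAT list.
is_natted() {
    nat_subnets "$1" | grep -Fxq "$2"
}

sample=$(mktemp)
write_sample "$sample"

# 10.0.8.0/24 plays the role of the OpenVPN tunnel network (assumed value);
# 10.0.9.0/24 is a second network that the sample list does not contain.
for net in 10.0.8.0/24 10.0.9.0/24; do
    if is_natted "$sample" "$net"; then
        echo "$net: covered by outbound NAT"
    else
        echo "$net: not covered, needs its own outbound NAT rule"
    fi
done
```

The match is on the exact CIDR string, so a tunnel network that falls inside a larger listed subnet is reported as not covered.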

