How can I see the Outbound NAT rules that are automatically created?
I have set up an OpenVPN server on pfSense and almost everything works fine except for the fact that roadwarriors do not have access to the internet via the VPN tunnel. They can use my LAN resources but they cannot connect to any internet site, either by name or by IP address (so it is not a DNS problem).
I have found out that this has to do with the Settings in Firewall > NAT > Outbound.
When I choose "Automatic outbound NAT rule generation" it solves the issue and the connected OpenVPN-Clients can surf the Internet via the VPN-Tunnel.
But for some reasons I have to use "Manual Outbound NAT rule generation". The problem is that I cannot figure out what rule I have to create that allows remotely connected OpenVPN-clients connected to my pfSense box to use my WAN connection in order to surf the internet.
So my questions are:
- Is there a way I can see what rules are automatically created when "Automatic outbound NAT rule generation" is active?
- Or can you give me hints what rule(s) I have to create for outbound NAT to solve my problem?
:) Seems that I just found it out myself: I added an outbound NAT-rule for the WAN interface with 10.8.0.0/24 (this is my tunnel network) as source with the WAN Address as NAT Address and now my roadwarriors can surf through the tunnel. I am quite sure that I tested this rule a hundred times before without any success. But now it works. Very strange…
-
-
For others that are curious, while you're on Automatic Outbound NAT, you can see the automatic rules using Diagnostics > Command:
grep tonatsubnets /tmp/rules.debug
On pfSense 2.2 the automatic rules are listed even when you're in automatic mode so that won't be necessary.
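Building on the grep above, this added example (not code from any poster in this thread) lists every source network that has a `nat on` rule and checks whether a given tunnel network is among them. The sample ruleset is constructed, its macro-plus-rule layout is an assumption about what `/tmp/rules.debug` contains, and `sample_rules`, `nat_sources` and `is_natted` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample in pf syntax. The layout of the real /tmp/rules.debug
# is an assumption and differs between pfSense versions.
sample_rules() {
cat <<'EOF'
tonatsubnets = "{ 192.168.1.0/24 10.8.0.0/24 127.0.0.0/8 }"
nat on $WAN from $tonatsubnets to any -> 203.0.113.10/32 port 1024:65535
EOF
}

# Print, one per line, every source network named in a "nat on" rule.
# Reads the ruleset from the files given as arguments, or from stdin.
nat_sources() {
    awk '
        # Remember macro definitions of the form: name = "{ net net ... }"
        $2 == "=" {
            line = $0
            sub(/^[^=]*=/, "", line)    # drop "name ="
            gsub(/["{}]/, "", line)     # drop quotes and braces
            macro[$1] = line
            next
        }
        $1 == "nat" && $2 == "on" {
            src = ""
            for (i = 3; i < NF; i++) if ($i == "from") src = $(i + 1)
            # Expand a $macro reference into its list of networks.
            if (substr(src, 1, 1) == "$") src = macro[substr(src, 2)]
            n = split(src, nets, " ")
            for (j = 1; j <= n; j++) print nets[j]
        }
    ' "$@"
}

# Succeed if the exact CIDR in $1 is a NAT source in the ruleset on stdin.
# Exact string match only: a /24 inside a listed /16 is not detected.
is_natted() {
    nat_sources | grep -qxF "$1"
}

# 10.8.0.0/24 is the tunnel network from this thread.
sample_rules | is_natted 10.8.0.0/24 \
    && echo "10.8.0.0/24 has an outbound NAT rule" \
    || echo "10.8.0.0/24 has no outbound NAT rule"
```

On the firewall itself the same check would read `is_natted 10.8.0.0/24 < /tmp/rules.debug`, provided the file follows the layout assumed here.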