NAT through OPENVPN Tunnel



  • So  i no static ip address at my office but i do have highspeed and i want to run exchange

    So i was wondring if i can used my data center pfsense and vpn tunnel to get the static ip address from my data center for my office used

    office server=====office pfsense=====openvpnclient========datacenter pfsense=====servers
    10.1.4.x                  non static ip                                                        static ipaddress              10.1.40.xxx

    Can i do nat so

    my static ipaddress nat to my office servers

    my my outgoing from my office servers or pc would show that it come from my datacenter ipaddress

    Speed is not an issues i have fast connect on both end



  • I would prefer another solution:

    • Run the Exchange in your datacenter and access it remote (over https) or

    • Use a dynamic DNS service for the office

    So i was wondring if i can used my data center pfsense and vpn tunnel to get the static ip address from my data center for my office used

    However, in principle this would work also. I can't see a reason why it shouldn't if you care that the tunnel has static IPs and you set up appropriate rules.



  • @viragomann:

    I would prefer another solution:

    • Run the Exchange in your datacenter and access it remote (over https) or

    • Use a dynamic DNS service for the office

    So i was wondring if i can used my data center pfsense and vpn tunnel to get the static ip address from my data center for my office used

    However, in principle this would work also. I can't see a reason why it shouldn't if you care that the tunnel has static IPs and you set up appropriate rules.

    This, for sure. You certainly can NAT through OpenVPN, but in your case that would be a little hoaky. Like the quote says I would put the Exchange server at the DataCenter or use DynDNS at the office location to complete this task.


  • Rebel Alliance Developer Netgate

    To get the behavior you want with OpenVPN, where reply-to sends the packets back the way they came in, you'll need to do the following (on the receiving side):

    1. Assign/enable the OpenVPN interface from Interfaces > (assign). Set it to an IP type of 'none'
    2. Restart the VPN (edit/save)
    3. Move firewall rules from the OpenVPN tab to the new interface tab. No rules on the OpenVPN tab can match the traffic.


Log in to reply