Netgate Discussion Forum

    OPENVPN NAT for bypass router restriction

      condortek

      Hi all, I have a pfSense with subnet WAN=1, LAN=2, OPENVPN=3, and a ROUTER with an IP on LAN that has access to subnet 4, 5, 6, 7, etc.
      I have access from subnet 3 to subnet 2, but not to subnet 4, 5, 6, 7, etc. I believe the router is blocking that access.

      Actually, if I try to ping from subnet 5 to subnet 3 it replies OK, but I cannot ping from subnet 3 to 5; it says: Time to live exceeded.

      Is it possible to create a virtual IP on LAN, and do some NAT configuration in pfSense to bypass the router block?
      Thanks a lot.

        phil.davis

        Post a network diagram so we can be sure what we are talking about.
        I guess when you set up the OpenVPN server (3) you put all the local subnets (2,4,5,6,7,…) in the "Local Subnet/s" box. Or you are redirecting all traffic from clients to the OpenVPN.

        Do a traceroute from an OpenVPN client to subnet 5 - that will show where the packet is going (around in a loop somewhere maybe).

        If the router inside your LAN (that routes from 2 to 4,5,6,7...) is blocking traffic originating from OpenVPN (3) tunnel network, then why not change that router config so it passes the traffic?

        Otherwise, yes you can add an Outbound NAT rule on LAN that will NAT traffic with source "OpenVPN tunnel subnet" to the pfSense LAN IP. That will hide the OpenVPN tunnel network addresses from the inside router.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
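
The Outbound NAT behaviour described in the reply above, modelled as an added example that is not part of the original thread and is not pfSense code. All addresses, ports and the inside router's drop policy are constructed assumptions; the thread only names the subnets 2, 3 and 5.

```python
import ipaddress

# Constructed addresses (assumptions): the thread only names subnets 2, 3 and 5.
LAN_IP = ipaddress.ip_address("192.168.2.1")      # pfSense LAN address (subnet 2)
TUNNEL = ipaddress.ip_network("192.168.3.0/24")   # OpenVPN tunnel network (subnet 3)


def inside_router_accepts(src):
    """Assumed policy of the inside router: drop anything sourced from the tunnel."""
    return ipaddress.ip_address(src) not in TUNNEL


class OutboundNat:
    """Source NAT on the LAN side, keeping state so replies can be mapped back."""

    def __init__(self, nat_ip, match_net):
        self.nat_ip, self.match_net = nat_ip, match_net
        self.states = {}        # (nat_port, dst, dst_port) -> (orig_src, orig_port)
        self.next_port = 1024

    def translate_out(self, src, sport, dst, dport):
        if ipaddress.ip_address(src) not in self.match_net:
            return (src, sport, dst, dport)       # rule does not match: unchanged
        nat_port, self.next_port = self.next_port, self.next_port + 1
        self.states[(nat_port, dst, dport)] = (src, sport)
        return (str(self.nat_ip), nat_port, dst, dport)

    def translate_reply(self, src, sport, dst, dport):
        """A reply arrives addressed to the NAT IP; restore the original client."""
        orig = self.states.get((dport, src, sport))
        if orig is None or ipaddress.ip_address(dst) != self.nat_ip:
            return None                           # no state: nothing to map back
        return (src, sport, orig[0], orig[1])


def demo():
    nat = OutboundNat(LAN_IP, TUNNEL)
    client = ("192.168.3.6", 40000, "192.168.5.20", 443)   # VPN client -> subnet 5
    without_nat = inside_router_accepts(client[0])  # router sees the tunnel source
    out = nat.translate_out(*client)
    with_nat = inside_router_accepts(out[0])        # router sees the pfSense LAN IP
    reply = nat.translate_reply("192.168.5.20", 443, out[0], out[1])
    return without_nat, with_nat, out, reply


if __name__ == "__main__":
    print(demo())
```

With this rule in place the inside router sees every VPN client as the pfSense LAN IP, so per-client attribution exists only in the state and logs on pfSense itself.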

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.