OPENVPN NAT for bypass router restriction



  • Hi all, I have a pfsense with subnet WAN=1, LAN=2, OPENVPN=3, a ROUTER with an ip on LAN that have access to subnet 4, 5, 6, 7, etc.
    I have access from subnet 3 to subnet 2, but not to subnet 4, 5, 6, 7, etc. I believe router is blocking that access.

    Actually, if I try to ping from subnet 5 to subnet 3 is replying ok, but cannot ping from subnet 3 to 5, say: Time to live exceeded .

    Is it possible to create a virtual ip on lan, and do some NAT configuration in pfsense to bypass the router block?
    thanks a lot.



  • Post a network diagram so we can be sure what we are talking about.
    I guess when you set up the OpenVPN server (3) you put all the local subnets (2,4,5,6,7,…) in the "Local Subnet/s" box. Or you are redirecting all traffic from clients to the OpenVPN.

    Do a traceroute from and OpenVPN client to subnet 5 - that will show where the packet is going (around in a loop somewhere maybe).

    If the router inside your LAN (that routes from 2 to 4,5,6,7...) is blocking traffic originating from OpenVPN (3) tunnel network, then why not change that router config so it passes the traffic?

    Otherwise, yes you can add an Outbound NAT rule on LAN that will NAT traffic with source "OpenVPN tunnel subnet" to the pfSense LAN IP. That will hide the OpenVPN tunnel network addresses from the inside router.


Log in to reply