1-1 NAT across VPN TUNNEL between two PfSenses (either open vpn or ipsec)



  • Hello all,
    going mad on this for 2 days.

    • Two pfSense boxes (2.2.1)

    • BOX A: 1 WAN, 8 PUBLIC IPs (IP_PUB_A), private 192.168.100/24

    • BOX B: 2 WANs: 1 FOR VPN (WAN_A) and 1 with 8 PUBLIC IPs (IP_PUB_B), private 192.168.99/24

    An OpenVPN tunnel (tried also with IPsec) is set up between A and B (and works fine); it uses the 10.0.8/24 (A is Client, B is Server).

    I need to achieve that machine 192.168.99.1 (B private LAN) can be reached with 1-1 NAT both using IP_PUB_A_<ip1> (via VPN tunnel) and via IP_PUB_B_<ip1>. While IP_PUB_B_<ip1> NAT works fine with local LAN (192.168.99.1), I can't figure out how to 1-1 NAT IP_PUB_A_<ip1> to 192.168.99.1.

    I have to do the same also for 192.168.1.2 to 8 (using IP_PUB_A_<ip2>/IP_PUB_B_<ip2> and so on).
    I tried everything I found around but I can't get the NAT via VPN tunnel to work.

    Any approach?

    Thank you very much



  • Ok, I managed, thanks to this article, to have it work:
    https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269

    I did miss the OpenVPN server service restart.

    I recap, hoping to help anyone else:

    A) VPN tunnel (OpenVPN) up and running (see one of the tutorials)
    B) BOX B (target side)
        1) Interfaces > Add … as in the article
        2) RESTART the SERVICE
        3) Remove any rules from the Firewall > OpenVPN tab
        4) Add a rule on OVPNC1 (the virtual adapter) with destination 192.168.99.1 (the internal IP) and the ports (if any specific)
    C) BOX A (source side)
        1) Add a 1-1 NAT with IP_PUB_A_<ip1> as public IP and 192.168.99.1 as the target
        2) Add a firewall rule (WAN) with target 192.168.99.1 to allow traffic
        3) In the OpenVPN tab add an allow-all rule

    et voila
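As an added illustration (not from the post or the linked article): the pf rules that the GUI steps in B) and C) correspond to, written as pf.conf fragments so the packet path, and in particular the reply path back through the tunnel, is visible. The interface names (em0, ovpnc1, ovpns1), the public IP 203.0.113.11 standing in for IP_PUB_A_<ip1>, the tunnel addresses 10.0.8.1 (B) and 10.0.8.2 (A) and port 443 are all assumptions. pfSense generates its own rule set with extra options, so treat this as a reading aid rather than something to paste into /etc/pf.conf.

```pf
# ---- BOX A (source side; WAN = em0, assigned OpenVPN client interface = ovpnc1) ----
# Prerequisite from step A: A already has a route to 192.168.99.0/24 via ovpnc1.

# Step C1: 1:1 NAT. binat is bidirectional: packets arriving on em0 for the
# public IP are rewritten to 192.168.99.1, and traffic from 192.168.99.1
# leaving em0 gets the public IP back as its source.
binat on em0 from 192.168.99.1 to any -> 203.0.113.11

# Step C2: the WAN rule. It is evaluated after NAT, so the destination is the
# private host, not the public IP. Narrow it to the ports actually needed.
pass in quick on em0 inet proto tcp from any to 192.168.99.1 port 443 keep state

# Step C3: allow the replies that come back from B over the tunnel.
pass in quick on ovpnc1 inet from any to any keep state

# ---- BOX B (target side; assigned OpenVPN server interface = ovpns1) ----
# Step B4: the rule lives on the assigned interface, not on the OpenVPN group
# tab. pfSense adds reply-to to rules on an assigned interface that has a
# gateway, which sends 192.168.99.1's replies back through the tunnel to A
# instead of out B's default WAN (the Internet client's address would
# otherwise pull them that way and break the state on A). Rules on the group
# tab carry no reply-to and match first, which is why step B3 removes them.
pass in quick on ovpns1 reply-to ( ovpns1 10.0.8.2 ) inet proto tcp from any to 192.168.99.1 port 443 keep state
```

If the reply path is in doubt, the state table on B will show whether the reply-to was applied; asymmetric returns out WAN_B show up there as states that never see the reply direction.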