Netgate Discussion Forum

    1-1 NAT across VPN TUNNEL between two PfSenses (either open vpn or ipsec)

      gio1000

      Hello all,
      I've been going mad on this for 2 days.

      • Two pfSense boxes (2.2.1)

      • BOX A: 1 WAN, 8 PUBLIC IPs (IP_PUB_A), private 192.168.100/24

      • BOX B: 2 WANs: 1 FOR VPN (WAN_A) and 1 with 8 PUBLIC IPs (IP_PUB_B), private 192.168.99/24

      An OpenVPN tunnel (also tried with IPsec) is set up between A and B (and works fine); it uses 10.0.8/24 (A is Client, B is Server).

      I need machine 192.168.99.1 (B private LAN) to be reachable with 1-1 NAT both using IP_PUB_A_<ip1> (via VPN tunnel) and via IP_PUB_B_<ip1>.

      While IP_PUB_B_<ip1> NAT works fine with the local LAN (192.168.99.1), I can't figure out how to 1-1 NAT IP_PUB_A<ip1> to 192.168.99.1.

      I have to do the same also for 192.168.1.2 to 8 (using IP_PUB_A<ip2>/IP_PUB_B<ip2> and so on).
      I tried everything I found around but I can't get the NAT via VPN tunnel to work.

      Any approach?

      Thank you very much

        gio1000

        OK, I managed to get it working thanks to this article:
        https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269

        I had missed the OpenVPN server service restart.

        I recap, hoping to help anyone else:

        A) VPN tunnel (OpenVPN) up and running (see one of the tutorials)
        B) BOX B (target side)
            1) Interfaces, Add …. as in the article
            2) RESTART the SERVICE
            3) Remove any rules from Firewall > OpenVPN
            4) Add a rule on OVPNC1 (the virtual adapter) with destination 192.168.99.1 (the internal IP) and the ports (if any specific)
        C) BOX A (source side)
            1) Add a 1-1 NAT with IP_PUB_A<ip1> as public IP and 192.168.99.1 as the target
            2) Add a firewall rule (WAN) with target 192.168.99.1 to allow traffic
            3) In the OpenVPN tab add an allow all rule

        et voilà

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.