1-1 NAT across VPN TUNNEL between two PfSenses (either open vpn or ipsec)
-
Hello all,
I have been going mad on this for 2 days.
Two PFsense boxes (2.2.1)
BOX A: 1 WAN, 8 PUBLIC IPs (IP_PUB_A), private 192.168.100/24
BOX B: 2 WANS: 1 FOR VPN (WAN_A) and 1 with 8 PUBLIC IPS (IP_PUB_B), private 192.168.99/24
An OpenVPN tunnel (tried also with IPsec) is set up between A and B (and works fine); it uses 10.0.8/24 (A is client, B is server).
I need machine 192.168.99.1 (B private LAN) to be reachable with 1-1 NAT both using IP_PUB_A_<ip1> (via VPN tunnel) and via IP_PUB_B_<ip1>. While IP_PUB_B_<ip1> NAT works fine with local LAN (192.168.99.1), I can't figure out how to 1-1 NAT IP_PUB_A_<ip1> to 192.168.99.1.
I have to do the same also for 192.168.1.2 to 8 (using IP_PUB_A_<ip2>/IP_PUB_B_<ip2> and so on).
I tried everything I found around but I can't get the NAT via VPN tunnel to work. Any approach?
Thank you very much
-
-
OK, thanks to this article I managed to get it working:
https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269
I had missed the OpenVPN server service restart.
I recap, hoping to help anyone else:
A) VPN tunnel (OpenVPN) up and running (see one of the tutorials)
B) BOX B (target side)
1) Interfaces, Add …. as in the article
2) RESTART the SERVICE
3) Remove any rules from Firewall > OpenVPN
4) Add a rule on OVPNC1 (the virtual adapter) with destination 192.168.99.1 (the internal IP) and the ports (if any specific)
C) BOX A (source side)
1) Add a 1-1 NAT with IP_PUB_A_<ip1> as public IP and 192.168.99.1 as the target
2) Add a firewall rule (WAN) with target 192.168.99.1 to allow traffic
3) In the OpenVPN tab add an allow all rule
Et voilà