Netgate Discussion Forum

    NAT internet traffic from specific interface through OpenVPN

      l1thiium

      Hello,

      I have read several posts and guides but so far I could not find how to get this working. I have a pfSense 2.2.2 with WAN, LAN, OPT1 interfaces and an OpenVPN client configured.

      LAN --> INTERNET is NATed to WAN as expected, but I want OPT1 ---> INTERNET routed through the OpenVPN and I cannot find a way to do it. Also, apparently this changed a lot from 2.1 to 2.2, and most material online is obsolete/unclear.

      OPT1 is 192.168.5.0/24 (pfSense is 192.168.5.1). The OpenVPN client is working, as shown in the screenshot attached. I don't know if it's important, but OpenVPN uses 22/TCP as my pfSense is behind another firewall out of my control.

      I could not find a way to NAT the outbound traffic through the VPN. My most natural guess was to change outbound NAT to manual, and replace "WAN" with "OpenVPN" in the interface on the rules for 192.168.5.0/24, but that's not working. Actually, based on the firewall logs, traffic is still being NATed to WAN. Traffic is allowed on the rules (I have allowed everything on OPT1 and OpenVPN) but the traffic does not work (which is expected, as it is going out through WAN).

      I tried other things, for example adding the VPN to the interfaces (apparently this was the way to go on 2.1) and setting it as gateway on the rule allowing the traffic, but this is not working either. Very interestingly, if I do this, the rule is ignored, and the traffic is rejected on the firewall by the default deny for OPT1. Also, it leaves me with two VPN interfaces (the one I created and the default OpenVPN) on the rules tabs, which is weird and I suspect it's not the way to go.

      I have tried other configurations also, like setting this new interface on System -> Routing, or changing between the 2 VPN interfaces (the one created automatically and the one I created later) on NAT, but no luck with any of those.

      Can you please guide me to the proper way of configuring this?

      Thanks!

      ![VPN status.png](/public/imported_attachments/1/VPN status.png)

        vktRus

        These are my settings for a «normal» OpenVPN client. LAN -> OpenVPN client -> OpenVPN gateway -> OpenVPN interface.

        Make this a rule, but for OPT1. Maybe this will help you.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.