Netgate Discussion Forum

    NAT the clients and then route them through VPN?

    OpenVPN
      grav5

      Hi folks,

      I've been fiddling around for a while trying to get something like this working:

      I want everything that comes from the clients and is destined to go "to the internet" to be routed through the VPN tunnel. That VPN tunnel is already working.

      The server (the Debian box in the image) should not see the clients and which client is doing what; the server should only see one IP address, the one of the pfSense box. Therefore pfSense has to NAT everything before sending it through the tunnel, hasn't it?

      The reason behind this is that I do not want to do a classic site-to-site scenario; it often happens that roadwarrior users who have access to the VPN server temporarily want to connect a whole subnet.

      What shall I do now? Or do you think there is a better way to do this?

        GruensFroeschli

        It's not possible to NAT into the VPN tunnel
        (at least not through the GUI)
        –> not supported.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          grav5

          Bad to hear…

          Thanks for the fast response anyway!

            Cry Havok

            ISTR that NAT with OpenVPN is coming in one of the future releases.  I don't remember which, but a search of this forum should find the details.

            It is possible to manually add the required NAT configuration - again, search the forum as I don't remember the details.

              Valhalla1

              I do stuff similar to this, but instead of having 1 VPN tunnel between the remote box and the pfSense box, each client on the LAN has to run an OpenVPN client and connect to the remote box. Then all their traffic is routed over the tunnel. This takes pfSense out of the OpenVPN equation.

              Disadvantage: instead of one tunnel, there are many. More to manage, scalability problems I imagine.

              But the end goal is the same: all traffic from clients on the LAN goes through the tunnel.
