How to OpenVPN without NAT



  • Hi,

    This is my first post. I've searched for an answer but could not figure out. So here is my question.

    I have a simple OpenVPN server which is builded by wizard. I can connect with my Viscocity client and it is working perfect.

    However I noticed a problem with NFS. I realized that wherever I go, I am connecting with Pfsense internal IP, which I suppose it is doing NAT.  As far as I see NAT has several problems with NFS (especially with Macos). There are some workarounds but all have other problems.

    So I want to get rid of NAT and be able to connect anywhere with my assigned IP.

    Is it possible?

    Thanks for helping.

    BTW I've tried tap but no success. Also I see that tap is not recommended.



  • @gkyildirim:

    BTW I've tried tap but no success. Also I see that tap is not recommended.

    Not that "TAP is not recommended" AFAIK but TUN is lighter therefore faster. Then in some cases, TAP is the right choice.

    Could you please elaborate on your NAT related issue with NFS and also describe with "assigned IP" you refer to in your statement?



  • By default pfSense doesn't do NAT for OpenVPN tunnel. You have to add an outbound NAT rule manually if you want it. Otherwise you access your LAN hosts with your assigned IP from OpenVPN tunnel.
    So deactivate the liable outbound NAT rule.

    However, if pfSense (the VPN server) isn't the default gateway in your LAN you will have to add a route to VPN tunnel at your hosts.



  • @chris4916:

    Could you please elaborate on your NAT related issue with NFS and also describe with "assigned IP" you refer to in your statement?

    A Mac NFS client can not connect Mac NFS server through NAT even with some NFS tuning (didn't remember details right now). Even if you switch to another NFS server there are other problems. As far as I investigate NFS does not play right with NFS, it has lots of drawbacks.

    By assigned IP I mean the client IP that OpenVPN server assigns when you establish the connection.



  • @viragomann:

    By default pfSense doesn't do NAT for OpenVPN tunnel.

    I did ever played with NAT rules. It is set to Automatic.


Log in to reply