NAT openvpn clients to a remote ipsec site
I have a site-to-site tunnel to Amazon VPC from my pfSense server, and I also have OpenVPN configured so remote users can access my servers.
I want my OpenVPN users to have access to the remote site (Amazon VPC) servers, so I tried to use the NAT section in the IPsec configuration, but it didn't work.
My network subnets are like this:
172.16.35.0/24 - servers (where pfSense is)
192.168.255.0/24 - OpenVPN clients
10.0.0.0/16 - Amazon VPC

I added to my OpenVPN the remote subnet of Amazon VPC, 10.0.0.0/16.
I pinged from my laptop to EC2 instances, logged in to pfSense and saw the packets using tcpdump on the OpenVPN interface, but then I see that the OpenVPN interface sends an unreachable reply.

Can I make a NAT rule that will translate my OpenVPN clients 192.168.255.0/24 to 172.16.35.x and send the traffic through the IPsec tunnel?

Thanks,
Yossi
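Added example (not part of the post above, and not pfSense code): a small model of why the OpenVPN traffic is answered with "unreachable" and what a source NAT in front of the IPsec tunnel changes. Route-based or not, an IPsec phase 2 only carries packets whose source and destination fall inside its selectors; here the only phase 2 is 172.16.35.0/24 <-> 10.0.0.0/16, so a packet from 192.168.255.10 to 10.0.1.5 matches nothing and the kernel has no tunnel to put it in. Translating the OpenVPN source to an address inside the phase 2 local network (172.16.35.254 is an assumed, otherwise unused address; the subnets are the ones from the post) makes the packet match. The selector and NAT logic below is written from scratch for illustration; the address values and the phase 2 definition are assumptions about this setup.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Union

IPv4 = Union[ipaddress.IPv4Address, ipaddress.IPv4Network]

# Subnets from the post. NAT_ADDRESS is an assumption: any unused address
# inside the phase 2 local network would do.
SERVERS = ipaddress.ip_network("172.16.35.0/24")
OPENVPN_CLIENTS = ipaddress.ip_network("192.168.255.0/24")
AMAZON_VPC = ipaddress.ip_network("10.0.0.0/16")
NAT_ADDRESS = ipaddress.ip_address("172.16.35.254")  # assumed


@dataclass(frozen=True)
class Phase2:
    """One IPsec phase 2 (SPD entry): local and remote traffic selectors."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


@dataclass(frozen=True)
class NatRule:
    """Source NAT applied before IPsec policy lookup (pfSense: phase 2 NAT/BINAT)."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    translate_to: ipaddress.IPv4Address


@dataclass(frozen=True)
class Decision:
    tunneled: bool
    translated_src: ipaddress.IPv4Address
    phase2: Optional[Phase2]


# The only phase 2 the post describes: servers <-> VPC.
PHASE2_POLICIES = [Phase2(SERVERS, AMAZON_VPC)]

# Assumed NAT rule answering the post's question: OpenVPN clients heading
# for the VPC leave as 172.16.35.254, which is inside the phase 2 local net.
NAT_OPENVPN_TO_VPC = [NatRule(OPENVPN_CLIENTS, AMAZON_VPC, NAT_ADDRESS)]


def apply_source_nat(src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address,
                     rules: List[NatRule]) -> ipaddress.IPv4Address:
    """Return the source address after the first matching NAT rule, if any."""
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule.translate_to
    return src


def select_phase2(src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address,
                  policies: List[Phase2]) -> Optional[Phase2]:
    """SPD lookup: first policy whose selectors contain both endpoints."""
    for policy in policies:
        if src in policy.local and dst in policy.remote:
            return policy
    return None


def route_packet(src: str, dst: str, nat_rules: List[NatRule],
                 policies: List[Phase2] = PHASE2_POLICIES) -> Decision:
    """Model the outbound path: NAT first, then IPsec policy match.

    A packet that matches no phase 2 has no tunnel to use; with no other
    route to the VPC this is what comes back as an ICMP unreachable.
    """
    src_addr = ipaddress.ip_address(src)
    dst_addr = ipaddress.ip_address(dst)
    translated = apply_source_nat(src_addr, dst_addr, nat_rules)
    policy = select_phase2(translated, dst_addr, policies)
    return Decision(policy is not None, translated, policy)


if __name__ == "__main__":
    for label, rules in (("no NAT", []), ("NAT to 172.16.35.254", NAT_OPENVPN_TO_VPC)):
        d = route_packet("192.168.255.10", "10.0.1.5", rules)
        state = "tunneled" if d.tunneled else "unreachable (no phase 2 match)"
        print(f"{label}: 192.168.255.10 -> 10.0.1.5 as {d.translated_src}: {state}")
```

Two things this model makes visible that the tcpdump alone does not: the translated address has to sit inside the phase 2 local network (translating to something outside 172.16.35.0/24 still matches nothing), and with a single translation address the VPC side only ever sees 172.16.35.254, so return traffic for several OpenVPN clients relies on the NAT state table rather than on any route back to 192.168.255.0/24. The alternative without NAT is a second phase 2 whose local network is 192.168.255.0/24, which the VPC side must also be configured to accept.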

