Netgate Discussion Forum

    NAT openvpn clients to a remote ipsec site

      nachum234

      I have a site-to-site tunnel to Amazon VPC from my pfSense server, and I also have OpenVPN configured so remote users can access my servers.
      I want my OpenVPN users to have access to the servers at the remote site (Amazon VPC), so I tried to use the NAT section in the IPsec configuration, but it didn't work.
      My network subnets are as follows:
      172.16.35.0/24 - servers (where pfsense is)
      192.168.255.0/24 - openvpn clients
      10.0.0.0/16 - amazon VPC

      I added the remote subnet of the Amazon VPC, 10.0.0.0/16, to my OpenVPN.
      I pinged EC2 instances from my laptop, logged in to pfSense, and saw the packets using tcpdump on the OpenVPN interface, but then I saw that the OpenVPN interface sends an unreachable reply.

      Can I make a NAT rule that will translate my openvpn clients 192.168.255.0/24 to 172.16.35.x and send the traffic through the IPSec tunnel?

      Thanks,
      Yossi

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.