NAT openvpn clients to a remote ipsec site
-
I have site to site tunnel to amazon VPC form my pfsense server and I also have openvpn configured so remote users can I access my servers.
I want that my openvpn users will have access to the remote site (amazon VPC) servers so I try to use the NAT section in ipsec configuration but it didn't worked.
my network subnets is like that:
172.16.35.0/24 - servers (where pfsense is)
192.168.255.0/24 - openvpn clients
10.0.0.0/16 - amazon VPCI added to my openvpn the remote subnet of amazon VPC 10.0.0.0/16.
I ping from my laptop to ec2 instances and login to pfsense and saw the packets using tcpdump on the openvpn interface but then I see that openvpn interface send unreachable reply.Can I make a NAT rule that will translate my openvpn clients 192.168.255.0/24 to 172.16.35.x and send the traffic through the IPSec tunnel?
Thanks,
Yossi