NAT openvpn clients to a remote ipsec site

I have a site-to-site tunnel to an Amazon VPC from my pfSense server, and I also have OpenVPN configured so remote users can access my servers.
I want my OpenVPN users to have access to the servers at the remote site (the Amazon VPC), so I tried to use the NAT section in the IPsec configuration, but it didn't work.
My network subnets are like this:
- servers (where pfSense is)
- OpenVPN clients
- Amazon VPC

I added the remote subnet of the Amazon VPC to my OpenVPN configuration.
I pinged from my laptop to the EC2 instances, logged in to pfSense and saw the packets on the OpenVPN interface using tcpdump, but then I see that the OpenVPN interface sends an unreachable reply.

Can I make a NAT rule that will translate my OpenVPN clients to 172.16.35.x and send the traffic through the IPsec tunnel?


