4. SOLVED: LAN NAT of remote over OpenVPN

SOLVED: LAN NAT of remote over OpenVPN

  • T

    Hi folks,

    I have a problem getting LAN traffic to NAT/route over OpenVPN.  Here's my setup:

    Site A

    • has current version of pfSense running OK

    • Is configured with OpenVPN server

    Site B

    • is my laptop

    • has pfSense running in a VM to route all traffic from the laptop and VMs

    • Is configured with OpenVPN client and seems be working per diagnostics

    When the OpenVPN client in the site B's pfSense is stopped/disabled, site B's pfSense works as expected.  When the OpenVPN client is running:

    • I can see the IP (vpn.network.ip.2) and DHCP server IP (vpn.network.ip.1)

    • Diagnostics' traceroute on site B's pfSense shows proper routing when source is from OpenVPN NIC or OpenVPN client

    • Any traffic to the internet on site's B LAN network is not working.  Including diagnostics' traceroute.

    Do I need to add route mapping to site's B pfSense?  To rule out any firewall issue, I've provided 1 rule of allow any source to any destination on both the server's and the client's OpenVPN NICs.

    Here's my site B's (obfuscated) routes:

    Destination Gateway Flags Use Mtu Netif Expire
    0.0.0.0/1 open.vpn.network.1 UGS 3 1500 ovpnc1
    default site.b.wan.1 UGS 20950 1500 vtnet0
    8.8.4.4 open.vpn.network.1 UGHS 2 1500 ovpnc1
    8.8.8.8 open.vpn.network.1 UGHS 2 1500 ovpnc1
    site.b.lan2.0/24 link#3 U 58263 1500 vtnet2
    site.b.lan2.1 link#3 UHS 0 16384 lo0
    127.0.0.1 link#6 UH 1030 16384 lo0
    128.0.0.0/1 open.vpn.network.1 UGS 16 1500 ovpnc1
    site.a.public.ip/32 site.b.wan.1 UGS 88 1500 vtnet0
    site.b.wan.0/24 link#1 U 0 1500 vtnet0
    site.b.wan.1 52:54:00:xx:xx:xx UHS 10512 1500 vtnet0
    site.b.wan.230 link#1 UHS 0 16384 lo0
    site.b.lan1.0/24 link#2 U 20494 1500 vtnet1
    site.b.lan1.1 link#2 UHS 0 16384 lo0
    open.vpn.network.0/24 open.vpn.network.2 UGS 0 1500 ovpnc1
    open.vpn.network.1 link#8 UH 8 1500 ovpnc1
    open.vpn.network.2 link#8 UHS 0 16384 lo0

    open.vpn.network.1 = Site A's & DHCP IP on the OpenVPN server NIC
    open.vpn.network.2 = Site B's OpenVPN client IP
    site.b.wan.1              = Site B's WAN gateway
    site.b.wan.230          = Site B's WAN IP
    site.b.lan1                  = Site B's LAN 1 network
    site.b.lan2                  = Site B's LAN 2 network

    Thanks in advance,
    Tommy

    0
  • T

    Figured out the root cause.  Changed NAT outbound to hybrid and added the rules for the LAN within site B's pfSense. :D

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy