Netgate Discussion Forum

    SOLVED: LAN NAT of remote over OpenVPN

      tommyhp2

      Hi folks,

      I have a problem getting LAN traffic to NAT/route over OpenVPN.  Here's my setup:

      Site A

      • has current version of pfSense running OK

      • is configured with OpenVPN server

      Site B

      • is my laptop

      • has pfSense running in a VM to route all traffic from the laptop and VMs

      • is configured with OpenVPN client and seems to be working per diagnostics

      When the OpenVPN client in the site B's pfSense is stopped/disabled, site B's pfSense works as expected.  When the OpenVPN client is running:

      • I can see the IP (vpn.network.ip.2) and DHCP server IP (vpn.network.ip.1)

      • Diagnostics' traceroute on site B's pfSense shows proper routing when source is from OpenVPN NIC or OpenVPN client

      • Any traffic to the internet on site B's LAN network is not working.  Including diagnostics' traceroute.

      Do I need to add route mapping to site B's pfSense?  To rule out any firewall issue, I've provided 1 rule of allow any source to any destination on both the server's and the client's OpenVPN NICs.

      Here's my site B's (obfuscated) routes:

      Destination            Gateway             Flags  Use    Mtu    Netif   Expire
      0.0.0.0/1              open.vpn.network.1  UGS    3      1500   ovpnc1
      default                site.b.wan.1        UGS    20950  1500   vtnet0
      8.8.4.4                open.vpn.network.1  UGHS   2      1500   ovpnc1
      8.8.8.8                open.vpn.network.1  UGHS   2      1500   ovpnc1
      site.b.lan2.0/24       link#3              U      58263  1500   vtnet2
      site.b.lan2.1          link#3              UHS    0      16384  lo0
      127.0.0.1              link#6              UH     1030   16384  lo0
      128.0.0.0/1            open.vpn.network.1  UGS    16     1500   ovpnc1
      site.a.public.ip/32    site.b.wan.1        UGS    88     1500   vtnet0
      site.b.wan.0/24        link#1              U      0      1500   vtnet0
      site.b.wan.1           52:54:00:xx:xx:xx   UHS    10512  1500   vtnet0
      site.b.wan.230         link#1              UHS    0      16384  lo0
      site.b.lan1.0/24       link#2              U      20494  1500   vtnet1
      site.b.lan1.1          link#2              UHS    0      16384  lo0
      open.vpn.network.0/24  open.vpn.network.2  UGS    0      1500   ovpnc1
      open.vpn.network.1     link#8              UH     8      1500   ovpnc1
      open.vpn.network.2     link#8              UHS    0      16384  lo0

      open.vpn.network.1 = Site A's & DHCP IP on the OpenVPN server NIC
      open.vpn.network.2 = Site B's OpenVPN client IP
      site.b.wan.1       = Site B's WAN gateway
      site.b.wan.230     = Site B's WAN IP
      site.b.lan1        = Site B's LAN 1 network
      site.b.lan2        = Site B's LAN 2 network

      Thanks in advance,
      Tommy

        tommyhp2

        Figured out the root cause.  Changed NAT outbound to hybrid and added the rules for the LAN within site B's pfSense. :D

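Why the routing table in the first post leads to the fix in the second, as an added example that is not part of the original posts: longest-prefix matching makes the two /1 routes win over `default`, so LAN traffic leaves on `ovpnc1`. The IP addresses are constructed stand-ins for the obfuscated ones; the interface names are from the post, and reading the result as "these LAN subnets need an outbound NAT rule on that interface" is an assumption about what the hybrid-mode rules covered.

```python
import ipaddress

# Constructed stand-in for the post's obfuscated route table
# (destination, gateway, netif); addresses are illustrative only.
ROUTES = """\
0.0.0.0/1        10.8.0.1      ovpnc1
default          192.0.2.1     vtnet0
128.0.0.0/1      10.8.0.1      ovpnc1
198.51.100.7/32  192.0.2.1     vtnet0
192.0.2.0/24     link#1        vtnet0
192.168.10.0/24  link#2        vtnet1
192.168.20.0/24  link#3        vtnet2
10.8.0.0/24      10.8.0.2      ovpnc1
"""
LAN_IFS = {"vtnet1", "vtnet2"}  # LAN 1 and LAN 2 interfaces in the post


def parse_routes(text):
    """Return [(network, interface)] from 'destination gateway netif' rows."""
    table = []
    for line in text.splitlines():
        dest, _gateway, netif = line.split()
        if dest == "default":
            dest = "0.0.0.0/0"
        table.append((ipaddress.ip_network(dest), netif))
    return table


def egress_if(table, addr):
    """Longest-prefix match: the interface a packet to addr leaves on."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, netif) for net, netif in table if ip in net]
    return max(matches)[1]


def nat_needed(table, probes=("8.8.8.8", "203.0.113.9")):
    """(LAN subnet, egress interface) pairs for internet-bound LAN traffic."""
    lans = [net for net, netif in table if netif in LAN_IFS]
    return sorted({(str(lan), egress_if(table, p)) for lan in lans for p in probes})


if __name__ == "__main__":
    for lan, netif in nat_needed(parse_routes(ROUTES)):
        print(f"outbound NAT rule needed: source {lan} on interface {netif}")
```

The /32 route to site A's public address is the one destination that still leaves on `vtnet0`, which is what keeps the tunnel's own transport out of the tunnel.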