Why does all traffic from the OpenVPN server into the local network have the OpenVPN server's IP?



  • Hi,
    first of all, sorry if my question has been asked before (I could not find anything related in the forum).

    I have a pfSense box configured as an OpenVPN server, to access my local network from outside by authenticating users and giving them local IPs.
    I have a big problem here: one of my local machines is being attacked with brute-force login attempts. I investigated through the logs of my local machine and, surprisingly, the attacker IP is the OpenVPN server's IP. I am sure the attacker is one of my VPN users, but I cannot tell which of them is doing so, because all traffic crossing through the OpenVPN server to my local network is labeled with my OpenVPN server's IP. Now my question is: is this normal behavior? Is there any configuration to change how it behaves, so that I see my users' local IPs on the network and in my local machines' logs?
    Please guide me through this problem.
    Thanks


  • LAYER 8 Global Moderator

    How is your network setup?

    When I VPN in, the VPN client gets an IP in my tunnel network, 10.0.8.x for example, so any machine on my network would see this specific IP hitting it. Which I could easily track in the VPN logs to what client/user got what IP.

    See attached example of log. I see the user account name and what IP it got, both IPv4 and IPv6 in my setup. Sounds like you're natting somewhere into your network before it gets to your server that is being bruteforced?

    So as you see, my client came in and got 10.0.8.2, and then I pinged a workstation I was sniffing on, and you see it sees the traffic from that IP given to the OpenVPN client.




  • Thanks for your answer.
    My infrastructure is based on VMware ESXi.
    I have two networks, one internet and one local network. The pfSense box is installed as a VM, with the WAN interface in the public network and the LAN interface in the local network (my stations are in the local network).
    My OpenVPN server configuration is attached.
    My tunnel network is 192.168.128.120.0/24 and my local network is 192.168.128.0/24.
    When I created the VPN server, I added an Outbound NAT rule as attached.
    Please tell me what my fault in the configuration is,
    and also why, when I remove the outbound NAT rule, the server stops working. (In the tutorial videos I found on YouTube, none of them added an outbound NAT rule.)






  • @starless_boi:

    when I created VPN server, I added an Outbound NAT rule as attached,

    This rule isn't necessary for OpenVPN. It translates any source address (VPN clients) to the LAN address when accessing a LAN host.
    If you don't use other special NAT rules, switch back to automatic rule generation, otherwise use "hybrid".

    @starless_boi:

    and also why when I remove outbound nat rule, server stops working.

    ???  What do you mean exactly with "stops working"?



  • When you remove NAT in that situation and things stop working, it's because your routing's wrong/missing somewhere for the network you're translating away to make the problem disappear.


  • LAYER 8 Global Moderator

    You sure do not need that NAT, that is for sure… You have it on your LAN interface...

    Here is what I found - 99 out of 100 times when someone thinks they need a NAT and dicks with the outbound rules, they mess it up ;)  Leaving it on automatic is most likely all you need.

    Also curious what stops working? Most likely your LAN devices' firewall would block these remote VPN tunnel networks unless you allow it - this is also a common mistake made.
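
The lookup described in the thread (which VPN user held a given tunnel IP), as an added Python example that is not part of any post above. Both logs are constructed samples; the sshd-style lines on the attacked host, the year, and 192.168.128.1 as the firewall's LAN address are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

YEAR = 2024  # assumption: classic syslog timestamps carry no year

# Constructed OpenVPN server log: users, addresses and times are invented.
VPN_LOG = """\
Mar  3 09:12:01 fw openvpn[4211]: alice/198.51.100.7:51432 MULTI_sva: pool returned IPv4=10.0.8.2, IPv6=(Not enabled)
Mar  3 09:40:17 fw openvpn[4211]: bob/203.0.113.9:40022 MULTI_sva: pool returned IPv4=10.0.8.3, IPv6=(Not enabled)
Mar  3 11:05:44 fw openvpn[4211]: carol/198.51.100.20:51990 MULTI_sva: pool returned IPv4=10.0.8.2, IPv6=(Not enabled)
"""
# Constructed sshd log from the attacked LAN host; 192.168.128.1 stands in for
# the firewall's LAN address that appears while the outbound NAT rule is active.
AUTH_LOG = """\
Mar  3 09:15:10 srv sshd[911]: Failed password for root from 10.0.8.2 port 50122 ssh2
Mar  3 09:15:12 srv sshd[911]: Failed password for invalid user admin from 10.0.8.2 port 50124 ssh2
Mar  3 11:30:00 srv sshd[990]: Failed password for root from 10.0.8.2 port 41000 ssh2
Mar  3 11:31:00 srv sshd[991]: Failed password for root from 192.168.128.1 port 41002 ssh2
"""

STAMP = r"^(\w{3} +\d+ [\d:]{8}) "
ASSIGN = re.compile(STAMP + r".* (\S+)/[\d.]+:\d+ MULTI_sva: pool returned IPv4=([\d.]+)", re.M)
FAILED = re.compile(STAMP + r".*Failed password for (?:invalid user )?\S+ from ([\d.]+)", re.M)

def parse_time(stamp):
    return datetime.strptime(f"{YEAR} {stamp}", "%Y %b %d %H:%M:%S")

def leases(vpn_log):
    """Map tunnel IP -> time-ordered list of (assigned_at, username)."""
    table = {}
    for when, user, ip in ASSIGN.findall(vpn_log):
        table.setdefault(ip, []).append((parse_time(when), user))
    return {ip: sorted(hist) for ip, hist in table.items()}

def attribute(vpn_log, auth_log):
    """Count failed logins per VPN user holding the source IP at that time."""
    table, hits = leases(vpn_log), Counter()
    for when, ip in FAILED.findall(auth_log):
        owner = f"unattributed:{ip}"
        for assigned_at, user in table.get(ip, []):
            if assigned_at <= parse_time(when):
                owner = user  # latest assignment before the event wins
        hits[owner] += 1
    return hits

if __name__ == "__main__":
    for owner, count in attribute(VPN_LOG, AUTH_LOG).most_common():
        print(f"{count:3d}  {owner}")
```

Attribution uses only the assignment time, so a tunnel IP reused after a disconnect goes to the most recent holder; any source still translated to the firewall's LAN address stays unattributed.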

