Netgate Discussion Forum

    Why does all traffic from the OpenVPN server in the local network have the OpenVPN server's IP

    • starless_boi

      Hi,
      First of all, sorry if my question has been asked before (I could not find anything related in the forum).

      I have a pfSense box configured as an OpenVPN server, to access my local network from outside by authenticating users and giving them local IPs.
      I have a big problem here: one of my local machines is being attacked with brute-force logins. I investigated through the logs of my local machine, and surprisingly the attacker IP is the OpenVPN server's IP. I am sure the attacker is one of my VPN users, but I cannot tell which of them is doing so, because all traffic crossing through the OpenVPN server to my local network is labeled with my OpenVPN server's IP. Now my question is: is this normal behavior? Is there any configuration to change how it behaves, so that I see my users' local IPs over the network and in my local machines' logs?
      Please guide me through this problem.
      Thanks

      • johnpoz LAYER 8 Global Moderator

        How is your network setup?

        When I VPN in, the VPN client gets an IP in my tunnel network, 10.0.8.x for example – so any machine on my network would see this specific IP hitting it.. Which I could easily track in the VPN logs to what client/user got what IP..

        See attached example of log.. I see the user account name and what IP it got, both IPv4 and IPv6 in my setup.  Sounds like you're natting somewhere into your network before it gets to your server that is being bruteforced?

        So as you see my client came in and got 10.0.8.2, and then I pinged a workstation I was sniffing on - and you see it sees the traffic from that IP given to the OpenVPN client.

        logandping.png

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

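The lookup described in the post above (tunnel IP back to VPN user), as an added example that is not part of any post in this thread. The log line formats, the user names and `FW_LAN_IP` are assumptions; the sample lines are constructed. It also handles a tunnel address being handed to a different user later, and counts separately the failures whose source is the firewall's own LAN address, which is what outbound NAT on LAN leaves in the target's log.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed samples, not from the thread. OpenVPN's wording varies with
# version and verbosity, so adapt LEASE_RE to what your own log shows.
OPENVPN_LOG = """\
Jan 10 11:58:02 openvpn[4242]: alice/198.51.100.7:51820 MULTI_sva: pool returned IPv4=10.0.8.2, IPv6=(Not enabled)
Jan 10 12:01:40 openvpn[4242]: bob/203.0.113.9:40112 MULTI_sva: pool returned IPv4=10.0.8.3, IPv6=(Not enabled)
Jan 10 12:30:00 openvpn[4242]: carol/192.0.2.44:33001 MULTI_sva: pool returned IPv4=10.0.8.2, IPv6=(Not enabled)
"""
AUTH_LOG = """\
Jan 10 12:05:11 srv sshd[901]: Failed password for root from 10.0.8.3 port 40022 ssh2
Jan 10 12:05:13 srv sshd[901]: Failed password for invalid user test from 10.0.8.3 port 40022 ssh2
Jan 10 12:10:00 srv sshd[903]: Failed password for admin from 10.0.8.2 port 40100 ssh2
Jan 10 12:40:00 srv sshd[950]: Failed password for admin from 10.0.8.2 port 41000 ssh2
Jan 10 12:41:00 srv sshd[951]: Failed password for root from 192.168.128.1 port 5555 ssh2
"""
FW_LAN_IP = "192.168.128.1"  # assumed pfSense LAN address (not in the thread)
STAMP = r"^(\w{3} +\d+ [\d:]{8}) "
LEASE_RE = re.compile(STAMP + r"openvpn\[\d+\]: ([^/\s]+)/\S+ MULTI_sva: pool returned IPv4=([\d.]+)")
FAIL_RE = re.compile(STAMP + r"\S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from ([\d.]+)")

def _ts(text):
    # Syslog stamps carry no year; a fixed one is enough to order one log.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S")

def leases(vpn_log):
    """Return (time, tunnel_ip, user) tuples, oldest first."""
    hits = (LEASE_RE.match(line) for line in vpn_log.splitlines())
    return sorted((_ts(m[1]), m[3], m[2]) for m in hits if m)

def attribute(auth_log, vpn_log, fw_ip=FW_LAN_IP):
    """Count failed logins per VPN user; the newest lease before each failure wins."""
    table, counts = leases(vpn_log), Counter()
    for line in auth_log.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        when, src = _ts(m[1]), m[2]
        if src == fw_ip:  # outbound NAT on LAN rewrote the source: user is lost
            counts["masked-by-nat"] += 1
            continue
        owners = [user for t, ip, user in table if ip == src and t <= when]
        counts[owners[-1] if owners else "unknown"] += 1
    return counts

if __name__ == "__main__":
    for who, n in attribute(AUTH_LOG, OPENVPN_LOG).most_common():
        print(f"{who:15} {n} failed logins")
```

Any count under `masked-by-nat` means the target never saw a tunnel address for those attempts, so the VPN log cannot name the user until the NAT rule is gone.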
        • starless_boi

          Thanks for your answer.
          My infrastructure is based on VMware ESXi.
          I have two networks, one internet and one local network. The pfSense box is installed as a VM, with the WAN interface in the public network and the LAN interface in the local network (my stations are in the local network).
          My OpenVPN server configuration is attached.
          My tunnel network is 192.168.128.120.0/24 and my local network is 192.168.128.0/24.
          When I created the VPN server, I added an Outbound NAT rule as attached.
          Please tell me what my fault in the configuration is,
          and also why the server stops working when I remove the outbound NAT rule. (In the tutorial videos found on YouTube, none of them added an outbound NAT rule.)

          openvpnserverConfig.JPG
          outboundRule.JPG

          • viragomann

            @starless_boi:

            when I created VPN server, I added an Outbound NAT rule as attached,

            This rule isn't necessary for OpenVPN. It translates any source address (VPN clients) to the LAN address when accessing a LAN host.
            If you don't use other special NAT rules, switch back to automatic rule generation, otherwise use "hybrid".

            @starless_boi:

            and also why when I remove outbound nat rule, server stops working.

            ???  What do you mean exactly with "stops working"?

            • cmb

              When you remove NAT in that situation and things stop working, it's because your routing's wrong/missing somewhere for the network you're translating away to make the problem disappear.

              • johnpoz LAYER 8 Global Moderator

                You sure do not need that NAT, that is for sure… You have it on your LAN interface...

                Here is what I found - 99 out of 100 times when someone thinks they need a NAT and dicks with the outbound rules, they mess it up ;)  Leaving it on automatic is most likely all you need..

                Also curious what stops working?  Most likely your LAN devices' firewall would block these remote VPN tunnel networks unless you allow it - this is also a common mistake made.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.