L2TP, Private Network -> Public Network

  • Hello. Say I have an interface with a DHCP-enabled network, with router IP The WAN IP is

    The WAN interface has a L2TP VPN server attached to it, its server address is, and the clients' remote address range is

    Client A connects to the interface, and gets IP (from DHCP server), connects to L2TP (, firewall opened for L2TP) and gets IP

    I have this setup (except not 8.8.8 addresses, which belong to Google), and I can ping/ssh client A on its external IP But from the client the web reports its IP to be (WAN IP).

    What am I doing wrong?

    Edit: clients tested include Shibby Tomato router and OS X. IPsec is not used.

    Edit 2: An online trace shows that client A is traced through the WAN.

  • Seems like pfSense auto adds a NAT rule (default "Automatic outbound" is selected in Outbound "Firewall: NAT: Outbound").

    I changed Outbound to "Hybrid outbound", and added an exception "Do not NAT" with the subnet used for L2TP; see attachment. Image is manipulated to mask my real IP/mask, instead using as the example in my previous post.
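    The attachment is not on this page, so the following is an added example (not the poster's configuration) of the pf-style outbound NAT rules that the two pfSense modes described above amount to. Interface name and all addresses are constructed placeholders from the RFC 5737 documentation ranges, not the addresses in this thread; the L2TP range is assumed to be publicly routable and routed to this WAN, which is what the working ping/ssh from outside implies.

```pf
# Added example, not the poster's configuration. Constructed layout:
#   WAN interface : em0, address 203.0.113.1
#   LAN (DHCP)    : 192.168.1.0/24
#   L2TP clients  : 203.0.113.64/27 (publicly routable, routed to this WAN)

wan_if   = "em0"
lan_net  = "192.168.1.0/24"
l2tp_net = "203.0.113.64/27"

# --- What "Automatic outbound" amounts to ------------------------------
# Every internal network, the L2TP client range included, is rewritten to
# the WAN address on the way out, so an L2TP client shows up on the
# Internet as 203.0.113.1 (the WAN IP) even though it holds its own
# public address.
#
#   nat on $wan_if from $lan_net  to any -> ($wan_if)
#   nat on $wan_if from $l2tp_net to any -> ($wan_if)

# --- "Hybrid outbound" with a "Do not NAT" exception -------------------
# pf applies NAT rules first-match, so the exception has to sit above the
# catch-all; in pfSense hybrid mode the manual rules are evaluated before
# the automatically generated ones.
no nat on $wan_if from $l2tp_net to any
nat    on $wan_if from $lan_net  to any -> ($wan_if)

# Removing NAT only stops address rewriting. The L2TP clients are now
# directly addressable from the Internet, so what may reach them is
# decided entirely by the filter rules on the WAN interface.
```

    To check the result from the firewall, `pfctl -s nat` lists the loaded NAT rules in order, and `pfctl -s state` shows whether a client's outbound connection is being translated to the WAN address or leaving with its own L2TP address.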

