Netgate Discussion Forum
    L2TP, Private Network -> Public Network

    Johnny_B:

      Hello. Say I have an interface with a DHCP-enabled 192.168.1.0/24 network, with router IP 192.168.1.1. The WAN IP is 8.8.8.1/29.

      The WAN interface has an L2TP VPN server attached to it; its server address is 8.8.8.6, and the client remote address range is 8.8.8.2.

      Client A connects to the interface and gets IP 192.168.1.2 (from the DHCP server), connects to L2TP (8.8.8.1, firewall opened for L2TP) and gets IP 8.8.8.2.

      I have this setup (except not with 8.8.8.x addresses, which belong to Google), and I can ping/ssh client A on its external IP 8.8.8.2. But from the client, the web reports its IP to be 8.8.8.1 (the WAN IP).

      What am I doing wrong?

      Edit: clients tested include a Shibby Tomato router and OS X. IPsec is not used.

      Edit 2: An online trace shows that client A is traced through the WAN.

      Johnny_B:

        Seems like pfSense auto-adds a NAT rule (the default "Automatic outbound" is selected in Firewall: NAT: Outbound).

        I changed Outbound to "Hybrid outbound", and added an exception "Do not NAT" with the subnet used for L2TP; see attachment. Image is manipulated to mask my real IP/mask, instead using 8.8.8.0/29 as the example in my previous post.

        [attachment: outbound.png]
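        As an added example (not part of this thread, and not pfSense's own code), a small checker that reads pf NAT rules in the form `pfctl -sn` prints them on pfSense and reports whether the first translation rule matching a source subnet is a `no nat` rule. pf evaluates translation rules first-match, so a "Do not NAT" rule only helps when it sits before the automatic rule, which is where hybrid mode places manual rules. The interface name em0 and the sample rule lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: verify the ordering of pf outbound NAT rules for a given
# source subnet. Feed it the output of `pfctl -sn` (or the NAT section of
# /tmp/rules.debug) on stdin.

# Constructed sample modelled on the thread ("em0" is the assumed WAN
# interface). Automatic outbound NAT rewrites the 8.8.8.0/29 L2TP client
# range to the WAN address 8.8.8.1, which is why the client showed up as
# 8.8.8.1 on the web.
AUTO_RULES='nat on em0 inet from 192.168.1.0/24 to any -> 8.8.8.1/32 port 1024:65535
nat on em0 inet from 8.8.8.0/29 to any -> 8.8.8.1/32 port 1024:65535'

# Hybrid outbound with a "Do not NAT" rule for the L2TP subnet: the manual
# no-nat rule comes before the automatic rules, so pf matches it first.
HYBRID_RULES='no nat on em0 inet from 8.8.8.0/29 to any
nat on em0 inet from 192.168.1.0/24 to any -> 8.8.8.1/32 port 1024:65535
nat on em0 inet from 8.8.8.0/29 to any -> 8.8.8.1/32 port 1024:65535'

# nat_verdict SUBNET  (rules on stdin)
# Prints "untouched"  if the first nat/no-nat rule whose source is SUBNET
#                     (or "any") is a "no nat" rule,
#        "translated" if that first matching rule is a "nat" rule,
#        "unmatched"  if no nat rule covers the subnet at all.
nat_verdict() {
    awk -v subnet="$1" '
        /^(no )?nat / && (index($0, "from " subnet " ") || index($0, "from any ")) {
            verdict = ($1 == "no") ? "untouched" : "translated"
            exit
        }
        END { print (verdict == "" ? "unmatched" : verdict) }
    '
}

printf '%s\n' "$AUTO_RULES"   | nat_verdict 8.8.8.0/29   # prints "translated"
printf '%s\n' "$HYBRID_RULES" | nat_verdict 8.8.8.0/29   # prints "untouched"
```

On a live box, `pfctl -sn | nat_verdict 8.8.8.0/29` gives the same verdict for the running rule set.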

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.