L2TP, Private Network -> Public Network



  • Hello. Say I have an interface with a DHCP-enabled 192.168.1.0/24 network, with router IP 192.168.1.1. The WAN IP is 8.8.8.1/29.

    The WAN interface has an L2TP VPN server attached to it; its server address is 8.8.8.6, and the client remote address range is 8.8.8.2.

    Client A connects to the interface and gets IP 192.168.1.2 (from the DHCP server), connects to L2TP (8.8.8.1, firewall opened for L2TP) and gets IP 8.8.8.2.

    I have this setup (except not with 8.8.8.x addresses, which belong to Google), and I can ping/ssh client A on its external IP 8.8.8.2. But from the client, the web reports its IP to be 8.8.8.1 (the WAN IP).

    What am I doing wrong?

    Edit: clients tested include a Shibby Tomato router and OS X. IPsec is not used.

    Edit 2: An online trace shows that client A is traced through the WAN.



  • Seems like pfSense automatically adds a NAT rule (the default "Automatic outbound" is selected in "Firewall: NAT: Outbound").

    I changed Outbound to "Hybrid outbound", and added an exception "Do not NAT" with the subnet used for L2TP; see attachment. Image is manipulated to mask my real IP/mask, instead using 8.8.8.0/29 as the example in my previous post.
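As an added illustration (not from the thread and not pfSense's own generated ruleset), this is roughly what the two states look like in pf rule terms. The WAN interface name em0 is an assumption; the addresses are the example ones from the post.

```pf
# Assumption: em0 is the WAN interface (hypothetical name).
# Addresses follow the post: WAN 8.8.8.1/29, L2TP pool 8.8.8.0/29, LAN 192.168.1.0/24.

# --- Before: effect of "Automatic outbound" ---
# Every internal source network leaving WAN is rewritten to the WAN address,
# and the L2TP client pool is treated like any other internal network, so a
# client sourcing from 8.8.8.2 shows up on the Internet as 8.8.8.1.
nat on em0 inet from 192.168.1.0/24 to any -> 8.8.8.1/32 port 1024:65535
nat on em0 inet from 8.8.8.0/29 to any -> 8.8.8.1/32 port 1024:65535

# --- After: "Hybrid outbound" with a manual "Do not NAT" rule ---
# pf picks the FIRST matching translation rule, so the no-NAT exception must
# sit above any nat rule that would also match; pfSense's Hybrid mode places
# manual rules ahead of the automatic ones for exactly this reason.
no nat on em0 inet from 8.8.8.0/29 to any
nat on em0 inet from 192.168.1.0/24 to any -> 8.8.8.1/32 port 1024:65535

# Consequence worth keeping in mind: once the pool is not translated, each
# L2TP client is reachable from the Internet on its own 8.8.8.x address (the
# poster already ping/ssh'd 8.8.8.2), so the WAN and L2TP interface filter
# rules, not NAT, are what limit inbound exposure of those clients.
```

The loaded translation rules, and their order, can be checked on the firewall with `pfctl -s nat`.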