L2TP, Private Network -> Public Network
Hello. Say I have an interface with a DHCP enabled 192.168.1.0/24 network, with router IP 192.168.1.1. The WAN IP is 18.104.22.168/29.
The WAN interface has a L2TP VPN server attached to it, its server address is 22.214.171.124, and the clients' remote address range is 126.96.36.199.
Client A connects to the interface and gets IP 192.168.1.2 (from the DHCP server), connects to L2TP (188.8.131.52, firewall opened for L2TP) and gets IP 184.108.40.206.
I have this setup (except not 8.8.8 addresses, which belong to Google), and I can ping/ssh client A on its external IP 220.127.116.11. But from the client the web reports its IP to be 18.104.22.168 (WAN IP).
What am I doing wrong?
Edit: clients tested include Shibby Tomato router and OS X. IPsec is not used.
Edit 2: An online trace shows that client A is traced through the WAN.
Seems like pfSense auto-adds a NAT rule (default "Automatic outbound" is selected in Outbound "Firewall: NAT: Outbound").
I changed Outbound to "Hybrid outbound", and added an exception "Do not NAT" with the subnet used for L2TP; see attachment. Image is manipulated to mask my real IP/mask, instead using 22.214.171.124/29 as the example in my previous post.
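The fix the poster describes boils down to pfSense's first-match outbound NAT evaluation: in "Automatic outbound" mode every locally attached network, the L2TP client pool included, is translated to the WAN address, while in "Hybrid outbound" mode manual rules are evaluated before the automatic ones, so a "Do not NAT" entry for the L2TP pool wins. The toy evaluator below (an added example, not the poster's configuration or pfSense code) models that ordering; the L2TP pool prefix 184.108.40.0/24 is a constructed assumption, since the post only gives a single client address from it.

```python
"""Toy model of pfSense outbound NAT rule evaluation (added example).
Rules are read first-match, top to bottom, on the egress interface and
source network. A rule flagged no_nat ends evaluation without rewriting."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

WAN_IP = "18.104.22.168"       # WAN address from the post
LAN_NET = "192.168.1.0/24"     # DHCP LAN from the post
L2TP_NET = "184.108.40.0/24"   # ASSUMED L2TP client pool (constructed)


@dataclass
class OutboundRule:
    interface: str                 # egress interface the rule applies to
    source: str                    # source network the rule matches
    no_nat: bool = False           # pfSense "Do not NAT" checkbox
    target: Optional[str] = None   # translation address; None = interface address


def translate_source(src: str, egress: str, rules: List[OutboundRule]) -> str:
    """Return the source address a packet from `src` leaves `egress` with."""
    ip = ip_address(src)
    for rule in rules:
        if rule.interface != egress or ip not in ip_network(rule.source):
            continue
        if rule.no_nat:
            return src                 # matched an exception: left untouched
        return rule.target or WAN_IP   # translated to the WAN address
    return src                         # nothing matched: no translation


# "Automatic outbound": one generated rule per locally attached network,
# which is why the L2TP pool ends up behind the WAN IP as well.
AUTOMATIC = [
    OutboundRule("wan", LAN_NET),
    OutboundRule("wan", L2TP_NET),
]

# "Hybrid outbound": manual rules sit above the automatic set, so the
# "Do not NAT" exception for the L2TP pool is hit first.
HYBRID = [OutboundRule("wan", L2TP_NET, no_nat=True)] + AUTOMATIC

if __name__ == "__main__":
    client = "184.108.40.206"   # client A's L2TP address from the post
    print("automatic:", translate_source(client, "wan", AUTOMATIC))
    print("hybrid:   ", translate_source(client, "wan", HYBRID))
```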