L2TP, Private Network -> Public Network
Hello. Say I have an interface with a DHCP-enabled 192.168.1.0/24 network, with router IP 192.168.1.1. The WAN IP is 220.127.116.11/29.
The WAN interface has an L2TP VPN server attached to it; its server address is 18.104.22.168, and the client remote address range is 22.214.171.124.
Client A connects to the interface and gets IP 192.168.1.2 (from the DHCP server), connects to L2TP (126.96.36.199, firewall opened for L2TP) and gets IP 188.8.131.52.
I have this setup (except not the 8.8.8 addresses, which belong to Google), and I can ping/ssh client A on its external IP 184.108.40.206. But from the client, the web reports its IP to be 220.127.116.11 (WAN IP).
What am I doing wrong?
Edit: clients tested include Shibby Tomato router and OS X. IPsec is not used.
Edit 2: An online trace shows that client A is traced through the WAN.
Seems like pfSense auto adds a NAT rule (default "Automatic outbound" is selected in Outbound "Firewall: NAT: Outbound").
I changed Outbound to "Hybrid outbound", and added an exception "Do not NAT" with the subnet used for L2TP; see attachment. Image is manipulated to mask my real IP/mask, instead using 18.104.22.168/29 as the example in my previous post.
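What the two outbound NAT modes look like once pfSense has turned them into pf rules, as an added illustration that is not from the original post or from pfSense itself; the interface macro and the 203.0.113.0/29 and 10.10.10.0/29 addresses are placeholders standing in for the WAN block and the L2TP client range above.

```pf
# Added illustration, not the poster's config. pfSense writes the rules it
# generates from the GUI to /tmp/rules.debug; these lines mimic that shape.
# Placeholder addresses: 203.0.113.2 = WAN address, 192.168.1.0/24 = LAN,
# 10.10.10.0/29 = L2TP client pool.
WAN = "{ em0 }"

# --- "Automatic outbound" (the default, and the cause of the symptom) ---
# pfSense emits a source-NAT rule for every local and VPN network it knows
# about, the L2TP client pool included, so client A's traffic leaves with the
# WAN address and a "what is my IP" site reports 203.0.113.2.
nat on $WAN inet from 192.168.1.0/24 to any -> 203.0.113.2/32 port 1024:65535
nat on $WAN inet from 10.10.10.0/29 to any -> 203.0.113.2/32 port 1024:65535

# --- "Hybrid outbound" with a "Do not NAT" mapping for the L2TP subnet ---
# Manual mappings are emitted before the automatic ones. Translation rules are
# first-match, and a "no nat" rule stops evaluation for packets it matches, so
# the L2TP pool is exempted while the LAN keeps its automatic NAT. The automatic
# rule for the pool is still generated below but is never reached.
no nat on $WAN inet from 10.10.10.0/29 to any
nat on $WAN inet from 192.168.1.0/24 to any -> 203.0.113.2/32 port 1024:65535
nat on $WAN inet from 10.10.10.0/29 to any -> 203.0.113.2/32 port 1024:65535
```

The change itself is made in Firewall: NAT: Outbound; rules.debug is regenerated on every filter reload, so it is only useful for checking the result. Exempting the pool from NAT works here because the L2TP addresses are part of the routable WAN /29; a pool from private space would still need the NAT rule rather than the exemption.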