Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Routing VNC on VPN

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ? This user is from outside of this forum
      Guest
      last edited by

      Not sure if this is the right section, if not just move the topic to the correct place.

      Pre: i've got a fully working installation of pfsense with openvpn roadwarrior setup

      i'm trying to use vnc over vpn,
      so if a "sales" roadwarrior vpn client (10.8.10.x) is connected to our pfsense box and is running a "vnc-viewer-software" he can receive vnc call incoming from our "customer".

      the setup already work if the "vnc-viewer-software" run on a PC in the LAN (192.168.1.X) segment of our network (obviusly with the proper NAT & FIREWALL RULES)

      if i make a similar NAT rule on pfsense using an IP of VPN subnet (10.8.10.x) instead of LAN subnet (192.168.1.x) didn't work.

      anyone can give me any clue?
      many thanks

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG Offline
        GruensFroeschli
        last edited by

        I assume your mobile warriors dont get NATed to the internet.

        http://forum.pfsense.org/index.php/topic,7001.0.html

        Per default for every local "real" interface a rule will be installed that NAT's from this interface to WAN.
        If you want to have Internet access from multiple LAN subnets (ie. you have a router behind pfSense with another subnet) enable Advanced outbound NAT and create a rule for every IP range you want to be NAT'ed.
        The same goes for OpenVPN if you want the OpenVPN subnet NAT'ed to WAN.
        You need to create a rule for every subnet you want NAT'ed.
        Alternatively you can change the source of single existing rule from LAN to "any" thus NAT'ing everything.
        (screenshots to clarify: http://forum.pfsense.org/index.php/topic,7693.0.html )
        This might create a problem for FTP with multiWAN
        more here: http://forum.pfsense.org/index.php/topic,7096.msg40810.html#msg40810

        Try this.
        I'm not sure, but i think this should help.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.