NAT + OpenVPN Client as Gateway Provider on Separate Secure LAN



  • I'd post this under OpenVPN but I am not sure if that is the issue. Let me describe the setup I'm trying to achieve:

    PFSense 3 NICS:

    WAN -> ISP
    LAN (10.200.100.1) -> SWITCH LAN CLIENTS (10.200.100.100-200)
    SECURE LAN (10.200.10.1) -> 1 PC (10.200.10.10)
    OpenVPN Virtual Interface (10.9.X.X DHCP from VPN Provider)

    I have a PC that I am physically switching the cable from LAN to SECURE LAN when I want ALL my traffic to go over the VPN.

    I've created the VPN client in OpenVPN and it works. I can ping the local VPN IP address (at 10.9.X.X) and the OpenVPN gateway passes a ping test on 8.8.8.8... although that could just be bypassing the VPN and routing through the main ISP connection.

    I can ping both LAN addresses on either link at 10.200.100.1 and 10.200.10.1 respectively.

    I have added in a single additional outbound NAT for the OpenVPN virtual int so that all 10.200.10.X traffic should be NATted.

    When I turn on the SECURE LAN interface, all outbound WAN stops working immediately.

    I've tried static routes, etc., but nothing is working. In the firewall states I see a bunch of connections that say half/partial (sorry, I forget the exact wording now and can't kill my connection again just yet!).

    I tried opening up all the firewalls on both LAN and VPN interfaces, no luck. I think it's either a NAT issue or an issue with how OpenVPN is binding or advertising routes. Unless it's just messing with the pfSense box to see the same MAC address jump between two interfaces. I have no idea yet. Any help would be much appreciated. Thanks!

