24.1 Legacy Series / OpenVPN Instance (new) missing NAT
« on: March 07, 2024, 11:40:53 am »
NAT routing from VPN
I was setting up OpenVPN (instance type) and wanted all traffic to be routed via the OpenVPN server (tun).
There are a couple of scenarios that would result in the NAT rule not being created (traffic not routed out).
A bit more documentation would be good.
OPNsense 24.1.2_1-amd64
FreeBSD 13.2-RELEASE-p10
OpenSSL 3.0.13
OpenVPN 2.6.9
1.
VPN Instance -> Redirect gateway: autolocal, default
Interface Assignments -> OpenVPN Interface not assigned
Firewall: NAT Outbound: Automatic works, no explicit NAT rule is needed for OpenVPN
2.
VPN Instance -> Redirect gateway: autolocal, default
Interface Assignments -> ovpns1 -> opt adapter
enable: checked
IPv4 Configuration Type: none
Firewall: NAT Outbound: Automatic works, no explicit NAT rule is needed for OpenVPN
(rule is auto created)
3.
VPN Instance -> Redirect gateway: autolocal, default
Interface Assignments -> ovpns1 -> opt adapter
enable: NOT checked
Firewall: NAT Outbound: Hybrid Outbound NAT rule
(This needs to be created manually)
Interface: WAN1
Source: opt adapter
Source Port: *
Destination: *
Destination Port: *
NAT Address: WAN Address
The above 3 cases will have traffic routed outward, but case #3 requires manual creation of the rule. If not, then the traffic would silently fail and not be routed correctly.
Hopefully this helps someone get unstuck.
Though I'm not sure why the performance is really bad... my pfSense running on the same server performs much better.
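One way to catch the silent failure described in case 3 from the firewall shell, as an added example that is not part of the original post: it scans `pfctl -s nat` style output for an outbound NAT rule on the WAN interface that covers the tunnel. The interface names (`igb0`, `ovpns1`), the subnet `10.8.0.0/24` and the sample rule lines are constructed assumptions; rules that reference a pf table or alias are not resolved.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names and the tunnel
# subnet below are constructed; substitute your own.

# Succeeds if `pfctl -s nat` style output on stdin has a nat rule on the WAN
# interface whose source covers the VPN tunnel.
nat_covers() {
    awk -v wan="$1" -v vif="$2" -v net="$3" '
        # Translation rules bound to the WAN interface only ("no nat" is skipped).
        $1 == "nat" && $2 == "on" && $3 == wan {
            src = ""
            for (i = 4; i < NF; i++)
                if ($i == "from") { src = $(i + 1); break }
            # Accept the exact subnet, "any", or the interface network form.
            if (src == net || src == "any" || src == ("(" vif ":network)"))
                found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed samples: a ruleset with a tunnel rule and one without.
WITH_RULE='nat on igb0 inet from 192.168.1.0/24 to any -> (igb0:0) port 1024:65535 round-robin
nat on igb0 inet from 10.8.0.0/24 to any -> (igb0:0) port 1024:65535 round-robin'
WITHOUT_RULE='nat on igb0 inet from 192.168.1.0/24 to any -> (igb0:0) port 1024:65535 round-robin'

report() {
    if printf '%s\n' "$1" | nat_covers igb0 ovpns1 10.8.0.0/24; then
        echo "tunnel subnet is translated on WAN"
    else
        echo "no outbound NAT for tunnel subnet: add the rule from case 3"
    fi
}

report "$WITH_RULE"
report "$WITHOUT_RULE"
# On the firewall: pfctl -s nat | nat_covers <wan_if> <ovpn_if> <tunnel_cidr>
```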