OpenVPN Policy based routing: Gateway as sender IP?

[mjcs]

Dear all,

I use two OpenVPN servers (vpn0 (10.10.230.0/23), vpn1 (10.10.232.0/24 ) to route the traffic through different gateways (10.10.210.2 (default), 10.10.202.2). So I created two Firewall routes in Zone "OpenVPN":

1) Source 10.10.232.0/24 -> Gateway 10.10.202.2.
2) Source * -> Gateway *

The second rule makes use of the default gateway. Now i can observe that, when pinging a host outside of the VPN network, from a client of vpn0 the VPN-Client-IP i.e. 10.10.230.5 is used as sender and from vpn1 the Gateway IP address 10.10.202.2 (observed via tcpdump)

When I modify rule 1) and set the default GW, also the Client-IP is used, i.e. 10.10.232.8 ).

As I want to identify the VPN client by IP address inside my networks, how can I prevent that the gateway IP appears instead of the client IP? Any ideas?

Thank you very much,

Markus

[Gauss23]

Seems as if you have an outbound NAT rule for vpn1.

Send a screenshot of Firewall:NAT:Outbound.

[mjcs]

Thanks for your reply. Please see the screenshot attached:

[Gauss23]

That looks weird. Outbound NAT on LAN and LANADMIN interface?

What interfaces do you have? Usually outbound NAT is only needed on the WAN interface. I would try to set it manual rules so that no automatic rules are in place.

Make a backup before you do this

[mjcs]

Hm, after setting it to manual rules I had a lot of trouble. The GUI was not reachable und OpenVPN refused to work at all (soft-connection-reset received.)

I have 3 interfaces, LAN, LANADMIN and WAN. I'm a bit perplexed.