Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
OpenVPN Client to Network with NAT
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenVPN Client to Network with NAT (Read 2118 times)
Michael T
Newbie
Posts: 4
Karma: 0
OpenVPN Client to Network with NAT
«
on:
April 20, 2023, 01:53:16 pm »
I have established a OPenVPN connection to a remote site which expects only a single machine as client.
This works from the Opnsense host itself, but not from any host inside the internal network.
That is because the client is using its internal IP and the remote end doesn't know about that network so it will not reply to those foreign subnet IPs. If I add a manual NAT rule for the OpenVPN network it works.
The problem I am facing now is once the OpenVPN client from Opnsense is reconnecting for whatever reason, it gets a new VPN IP assigned and the NAT rule stops working. Is there a way to dynamically assign an alias to the local IP of an OpenVPN endpoint - in the screenshot IP_ovpnc2 ? A plain NAT rule for all OpenVPN connections is not working - I need to specify the correct endpoint IP to get it working.
Logged
Patrick M. Hausen
Hero Member
Posts: 6830
Karma: 574
Re: OpenVPN Client to Network with NAT
«
Reply #1 on:
April 20, 2023, 02:30:54 pm »
Why not NAT the entire OpenVPN client address pool/network?
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Michael T
Newbie
Posts: 4
Karma: 0
Re: OpenVPN Client to Network with NAT
«
Reply #2 on:
April 20, 2023, 02:54:11 pm »
I am NAT'ing the whole client network, the problem is OPNsense not using the correct IP (I assume).
In the screenshot, when enabling rule 2 it doesn't work. Only rule 1 with IP_ovpnc assigned to the local OpenVPN IP is working.
Or do you mean something different?
Logged
Patrick M. Hausen
Hero Member
Posts: 6830
Karma: 574
Re: OpenVPN Client to Network with NAT
«
Reply #3 on:
April 20, 2023, 04:44:20 pm »
When you assign the OpenVPN connection to an interface you should be able to use <interface>_Adress instead of a manual alias.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Michael T
Newbie
Posts: 4
Karma: 0
Re: OpenVPN Client to Network with NAT (solved)
«
Reply #4 on:
April 20, 2023, 10:59:47 pm »
Thanks pmhausen!
I have assigned ovpncX in Interfaces -> Assignments and after applying and making the interface active, the Firewall section contains a new network where I can configure NAT.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
OpenVPN Client to Network with NAT