OpenVPN Client to Network with NAT

Started by Michael T, April 20, 2023, 01:53:16 PM

I have established an OpenVPN connection to a remote site which expects only a single machine as client.
This works from the OPNsense host itself, but not from any host inside the internal network.
That is because the client is using its internal IP and the remote end doesn't know about that network, so it will not reply to those foreign subnet IPs. If I add a manual NAT rule for the OpenVPN network it works.

The problem I am facing now is that once the OpenVPN client from OPNsense is reconnecting for whatever reason, it gets a new VPN IP assigned and the NAT rule stops working. Is there a way to dynamically assign an alias to the local IP of an OpenVPN endpoint - in the screenshot IP_ovpnc2? A plain NAT rule for all OpenVPN connections is not working - I need to specify the correct endpoint IP to get it working.

Why not NAT the entire OpenVPN client address pool/network?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I am NAT'ing the whole client network, the problem is OPNsense not using the correct IP (I assume).
In the screenshot, when enabling rule 2 it doesn't work. Only rule 1 with IP_ovpnc assigned to the local OpenVPN IP is working.
Or do you mean something different?

When you assign the OpenVPN connection to an interface you should be able to use <interface>_Address instead of a manual alias.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Thanks pmhausen!

I have assigned ovpncX in Interfaces -> Assignments and after applying and making the interface active, the Firewall section contains a new network where I can configure NAT.
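For readers who want to see what the GUI change amounts to underneath, here is the equivalent outbound NAT in pf syntax (OPNsense's packet filter), as an added illustration that is not from the thread. It assumes the assigned interface is named ovpnc1 and the internal LAN is 192.168.1.0/24; both are constructed values.

```pf
# Fragile variant: the translation address is the VPN endpoint IP
# that was current when the rule was written. After a reconnect the
# client gets a new address and every packet is NATed to a stale one,
# which is exactly the failure described above. (10.8.0.6 is constructed.)
nat on ovpnc1 inet from 192.168.1.0/24 to any -> 10.8.0.6

# Robust variant: the parenthesised interface name tells pf to track
# the interface's address at runtime, so the rule keeps working after
# the OpenVPN client reconnects and receives a different IP. This is
# what selecting "ovpnc1 address" in Firewall -> NAT -> Outbound
# produces, instead of a hand-maintained alias.
nat on ovpnc1 inet from 192.168.1.0/24 to any -> (ovpnc1)
```

To confirm the loaded rule after applying changes, `pfctl -s nat` on the OPNsense shell prints the active NAT rules, and `pfctl -s state | grep ovpnc1` shows translated states once a LAN host sends traffic through the tunnel.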