@werty1st
Forked from jamesmr89/gist:77851acecda208ecc780
Last active November 19, 2015 10:38
pfSense 1to1 NAT OpenVPN setup
The goal of this document is to describe how to set up a VPN tunnel between two pfSense boxes
that have the same LAN subnet. For the purpose of this doc we'll use 192.168.1.1/24 on
both firewalls' LAN interfaces.

We have to make some dummy networks here to NAT to, so as far as Site A is concerned,
Site B will be 192.168.2.0/24, and as far as Site B is concerned, Site A will be 192.168.3.0/24.

Site A (LAN 192.168.1.1)
OpenVPN Server:
Standard setup; we'll use 10.0.1.0/24 as the Tunnel Network (I can elaborate here later)
Under advanced settings add these lines:
push "route 192.168.3.0 255.255.255.0";
route 192.168.2.0 255.255.255.0; ### Site B LAN
Then under the OpenVPN Client Specific Overrides tab we'll add the following lines to the Advanced section
for the Site B CSO:
iroute 192.168.2.0 255.255.255.0;
ifconfig-push 10.0.1.253 10.0.1.254 # Optional but makes the client always connect with the same IP

1to1 NAT: Firewall > NAT > 1to1 tab
add a new entry with the following settings
Interface = Openvpn
External Subnet = 192.168.3.0
Internal IP = 192.168.1.0/24
Destination = 192.168.2.0/24
Create appropriate firewall rules on the OpenVPN interface

Site B
OpenVPN Client
LAN 192.168.1.1
This side is really simple: we just create a client to connect to the server, and the advanced section is left blank.

1to1 NAT: Firewall > NAT > 1to1 tab
add a new entry with the following settings
Interface = Openvpn
External Subnet = 192.168.2.0
Internal IP = 192.168.1.0/24
Destination = 192.168.3.0/24
Create appropriate firewall rules on the OpenVPN interface
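
Added example (not part of the original gist): a Python sketch of the address rewriting that the two 1to1 NAT entries perform on a packet from Site A to Site B, plus a check that a route statement on Site A covers only Site B's alias network. The function names and the host addresses ending in .50 and .20 are constructed for illustration.

```python
import ipaddress as ip

LAN = ip.ip_network("192.168.1.0/24")      # real LAN behind both firewalls
ALIAS_A = ip.ip_network("192.168.3.0/24")  # how Site B sees Site A
ALIAS_B = ip.ip_network("192.168.2.0/24")  # how Site A sees Site B


def map_1to1(addr, src_net, dst_net):
    """Swap the network prefix and keep the host bits, as a 1:1 NAT entry does."""
    addr = ip.ip_address(addr)
    if addr not in src_net:
        return addr  # not covered by the entry, passes through unchanged
    return dst_net.network_address + (int(addr) - int(src_net.network_address))


def trace(src_host, dst_alias):
    """Follow a packet from a Site A host to a Site B host addressed by its alias."""
    src, dst = ip.ip_address(src_host), ip.ip_address(dst_alias)
    hops = [("Site A LAN", src, dst)]
    # Site A 1:1 NAT on the OpenVPN interface: source 192.168.1.x becomes 192.168.3.x
    src = map_1to1(src, LAN, ALIAS_A)
    hops.append(("tunnel", src, dst))
    # Site B 1:1 NAT: destination 192.168.2.x becomes the real 192.168.1.x
    dst = map_1to1(dst, ALIAS_B, LAN)
    hops.append(("Site B LAN", src, dst))
    return hops


def route_conflicts(network, netmask, own_nets):
    """Return the networks in own_nets that a route/iroute statement would also cover."""
    route = ip.ip_network(f"{network}/{netmask}")
    return [n for n in own_nets if n.overlaps(route)]


if __name__ == "__main__":
    for where, src, dst in trace("192.168.1.50", "192.168.2.20"):  # constructed hosts
        print(f"{where:<11} src={src} dst={dst}")
    # Site A must keep its own LAN and its own alias out of the tunnel route.
    for mask in ("255.255.255.0", "255.255.254.0"):  # second mask is a constructed /23
        print(mask, "conflicts:", route_conflicts("192.168.2.0", mask, [LAN, ALIAS_A]))
```

A /23 mask on the 192.168.2.0 route also covers 192.168.3.0/24, the network Site A is presented as, so the check reports it as a conflict while the /24 mask reports none.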