pfSense 1to1 NAT OpenVPN setup

gistfile1.txt

Goal of this document is to describe how to setup a vpn tunnel with two pfSense boxes
having the same LAN subnet, for the purpose of this doc we'll use 192.168.1.1/24 on
both firewalls LAN interfaces

We have to make some dummy networks here to NAT to so as far as Site A will be concerned,
site B will be 192.168.2.0/24, and as far as Site B is concerened site A will be 192.168.3.0/24

SiteA (LAN 192.168.1.1)
OpenVPN Server:
Standard Setup and we'll use 10.0.1.0/24 as the Tunnel Network (I can elaborate here later)
Under advanced settings add these lines:
push "route 192.168.3.0 255.255.255.0";
route 192.168.2.0 255.255.254.0;   ### Site B LAN

Then under the OpenVPN Client Specific Overrides tab we'll add the following lines to the Advanced section
for the SiteB CSO:
iroute 192.168.2.0 255.255.254.0;
ifconfig-push 10.0.1.253 10.0.1.254 # Optional but makes the client always connect with the same IP

1to1 NAT: Firewall > NAT > 1to1 tab
add a new entry with the following settings
Interface = Openvpn
External Subnet = 192.168.3.0
Internal IP = 192.168.1.0/24
Destination = 192.168.2.0/24

Create appropriate firewall rules on the OpenVPN interface

Site B
OpenVPN Client
LAN 192.168.1.1
This side is really simple, we just create a client to connect to the server and the advanced section is blank

1to1 NAT: Firewall > NAT > 1to1 tab
add a new entry with the following settings
Interface = Openvpn
External Subnet = 192.168.2.0
Internal IP = 192.168.1.0/24
Destination = 192.168.3.0/24

Create appropriate firewall rules on the OpenVPN interface