Re: NAT on tun0 used with OpenVPN: msg#00013

security.firewalls.pfsense.user

Subject: Re: NAT on tun0 used with OpenVPN

Stefan Tunsch <stunsch <at> korrekto.com> writes:

> Hi!
>
> I need to set up outbound natting on tun0. tun0 is the virtual interface
> created and used by an OpenVPN client on my pfSense machine.
>
> This interface (tun0) isn't available for creating rules, NAT, etc. on the
> web interface of pfSense.
>
> How can I set up outbound NATTING for this interface?
>
> Regards,
> Stefan


Hi there,

I guess I understand the problem you have. I could not find the right button in
the web GUI for that setting, but I accomplished it through the CLI. You need to
have some basic Unix skills for that configuration!

Just take a look at the NAT table with "pfctl -sn"; you should see all
NAT rules. Write them to a temp file: "pfctl -sn > /var/tmp/tempfile".
Then edit the temp file: "vi /var/tmp/tempfile" and go to the last nat item, for
example:

--snip--
nat on sis1 inet from 192.168.1.0/24 to any -> (sis1) round-robin
rdr-anchor "pftpx/*" all
--snip--

Duplicate this line and change it to your needs (assume that 192.168.1.0 is your
local network and 192.168.2.0 is the ovpn remote network):

--snip--
nat on sis1 inet from 192.168.1.0/24 to any -> (sis1) round-robin
nat on tun0 inet from 192.168.1.0/24 to 192.168.2.0/24 -> (tun0) round-robin
rdr-anchor "pftpx/*" all
--snip--

Do not touch the other lines! Save the file and reread it with: "pfctl -Nf
/var/tmp/tempfile".

Keep in mind that any change in firewall rules will delete this customization (a
reboot will also). Try to automate it with grep and cron! If you need further
assistance just contact me.

If anyone has better solutions, let me know.

Best regards

andreas
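
The reply above suggests automating the re-insertion with grep and cron. One way to do that, as an added example that is not part of the original message: it uses awk rather than grep, and the `/24` on the remote network, the `pfnat.XXXXXX` temp-file names and the `--apply` switch are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): re-add the tun0 NAT rule if a
# ruleset reload dropped it. Meant to be run from root's crontab with --apply.

# Rule from the post; the /24 on the remote network is an assumption.
RULE='nat on tun0 inet from 192.168.1.0/24 to 192.168.2.0/24 -> (tun0) round-robin'

# Sample "pfctl -sn" dump, taken from the post, for a dry run without pfctl.
SAMPLE='nat on sis1 inet from 192.168.1.0/24 to any -> (sis1) round-robin
rdr-anchor "pftpx/*" all'

# Filter: read a NAT ruleset on stdin, print it with RULE inserted after the
# last "nat on" line. Input that already has a tun0 nat rule passes unchanged.
add_tun0_nat() {
    awk -v rule="$RULE" '
        { line[NR] = $0 }
        /^nat on tun0 / { have = 1 }
        /^nat on /      { last = NR }
        END {
            if (!have && last == 0) print rule   # no nat rules at all
            for (i = 1; i <= NR; i++) {
                print line[i]
                if (!have && i == last) print rule
            }
        }'
}

if [ "${1:-}" = "--apply" ]; then
    # mktemp instead of a fixed name: /var/tmp is world-writable, we are root.
    cur=$(mktemp /var/tmp/pfnat.XXXXXX) || exit 1
    new=$(mktemp /var/tmp/pfnat.XXXXXX) || exit 1
    trap 'rm -f "$cur" "$new"' EXIT
    pfctl -sn > "$cur" || exit 1
    add_tun0_nat < "$cur" > "$new"
    # Reload only if something changed and the new file parses (-n = no load).
    if ! cmp -s "$cur" "$new" && pfctl -n -Nf "$new"; then
        pfctl -Nf "$new"
    fi
else
    printf '%s\n' "$SAMPLE" | add_tun0_nat   # dry run on the sample
fi
```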
