I was told that NATing my OpenVPN clients to local LAN IP would do the trick of avoiding the routing from the far side (as far side is not under my authority). Can anyone tell me how to do this in pfSense?? C.
_____ From: Nathan Eisenberg [mailto:nat...@atlasnetworks.us] Sent: Thursday, January 28, 2010 12:32 PM To: support@pfsense.com Subject: RE: [pfSense Support] Route OpenVPN client requests through IPSec tunnel I'm betting that the machines in the other office do not have a route to get to 10.99.99.0. Add a static route to the remote office gateway/IPSec router, sending traffic bound for 10.99.99.0/x to your OpenVPN server. The OpenVPN server will know where to send the traffic from there. Best Regards, Nathan Eisenberg Sr. Systems Administrator - Atlas Networks, LLC office: 206.577.3078 | suncadia: 206.210.5450 www.atlasnetworks.us | www.suncadianet.com From: Chris Roubekas [mailto:croube...@cnr-web.com] Sent: Thursday, January 28, 2010 1:00 AM To: support@pfsense.com Subject: [pfSense Support] Route OpenVPN client requests through IPSec tunnel Dear all, I have recently managed to create an IPSec tunnel between my office and another one of the same company. The network topology is as follows: MyOffice: pfSense: LAN 10.100.100.0/255.255.255.0 WAN: 10.100.99.0/255.255.255.0 (connects to router for internet) IPSec tunnel: 192.168.20.0/255.255.255.0 (this is the lan of the other office. I can ping these machines from my local LAN). RoadWarrior OpenVPN (administered by pfSense). IP Range: 10.99.99.0 So far RoadWarrior clients can connect to the VPN and use all services on my local LAN. The problem is I need the road warrior clients to be able to use the machine of the IPSec Tunnel (192.168.20.0) as well. Any good ideas?? C. __________ Information from ESET NOD32 Antivirus, version of virus signature database 4811 (20100127) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 4812 (20100128) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com
