[pfSense] question on NAT capabilities/methods and VPN setup
landman at scalableinformatics.com
Thu May 10 00:37:33 EDT 2012
Here's what we are trying to do. I've got pfSense up and I've got 5
WAN IP addresses in the WAN subnet.
I would like to NAT by specific address, and add VPN functionality to
only specific IPs. So d is our primary for most traffic, d+1 should get
OpenVPN traffic, d+2 to d+4 should NAT to specific machines. A few
ports on each are fine, though we could do a full on 1:1 NAT if needed.
My question is how, precisely, to go about this. That is, I have the
major functions (ssh, web, mail) traversing the d address, and NATting
to a specific set of machines handling those functions. That works
well. How do I get the NATting working on the other IPs? IP Aliasing
the WAN address and then mapping to that alias? I ask as I've tried
quite a few things that seem sensible, and none of them work.
Now I want to set OpenVPN on d+1. Should I IP Alias the d+1 and give it
a name? And while I am at it, is there a way to debug the OpenVPN
setup? I've set OpenVPN up many a time by hand, without problems. My
first attempts now ... I can't even get it to start negotiating.
OpenVPN is quite finicky, but I think this is repeated pilot error on my
part, and it's mostly with the user interface. Do I need to build the
CA, then the server certs, then the user certs for this? (This is what
I am assuming.) I am assuming pfSense can handle what I want here, both on the NATting
and OpenVPN side. But I seem to be lost on this. I've set up many such
systems (using different appliances and software stacks) in the past ...
not a complete noob ... but I did get stuck here. Any hints are
welcome, and I'm going to keep poring over the book.
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics Inc.
email: landman at scalableinformatics.com
web : http://scalableinformatics.com
phone: +1 734 786 8423 x121
fax : +1 866 888 3112
cell : +1 734 612 4615
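The chain the post asks about (CA, then server cert, then user certs) is what pfSense's certificate manager builds for an OpenVPN server. As an added example, not from the original post or from pfSense, here is the same chain built by hand with openssl, plus the check a practitioner wants before loading the certificates: the server certificate must validate against the CA and must carry the serverAuth extended key usage, because a client configured with `remote-cert-tls server` rejects a server certificate without it. The names (pfSense-CA, vpn.example.net, user1, legacy) and the work directory are assumptions; only openssl (1.1.1 or newer) is required.

```bash
#!/usr/bin/env bash
# Added example (not part of the original post): build CA -> server cert
# -> client cert with openssl and verify each certificate for its role.
# All names and paths below are assumptions for illustration.
set -euo pipefail

PKI="${PKI:-$(mktemp -d)}"

# Minimal req config so the commands do not depend on the system openssl.cnf.
# The dn section is required by 'openssl req' even though -subj overrides it.
cat > "$PKI/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF

# make_ca: self-signed root key and certificate (the "CA" slot in pfSense).
make_ca() {
    openssl req -x509 -config "$PKI/openssl.cnf" -extensions ca_ext \
        -newkey rsa:2048 -nodes -sha256 -days 3650 -subj "/CN=pfSense-CA" \
        -keyout "$PKI/ca.key" -out "$PKI/ca.crt" 2>/dev/null
}

# issue_cert NAME ROLE: key + CSR for NAME, signed by the CA with the EKU
# for ROLE: server -> serverAuth, client -> clientAuth, none -> no EKU at all
# (the classic by-hand mistake; see check_cert).
issue_cert() {
    local name=$1 role=$2 eku_line
    case $role in
        server) eku_line='extendedKeyUsage=serverAuth' ;;
        client) eku_line='extendedKeyUsage=clientAuth' ;;
        none)   eku_line='' ;;
        *) echo "role must be server, client or none" >&2; return 2 ;;
    esac
    openssl req -new -config "$PKI/openssl.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$name" -keyout "$PKI/$name.key" -out "$PKI/$name.csr" 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\n%s\n' \
        "$eku_line" > "$PKI/$name.ext"
    openssl x509 -req -sha256 -days 825 -in "$PKI/$name.csr" \
        -CA "$PKI/ca.crt" -CAkey "$PKI/ca.key" -CAcreateserial \
        -extfile "$PKI/$name.ext" -out "$PKI/$name.crt" 2>/dev/null
}

# check_cert NAME ROLE: 0 if NAME.crt chains to the CA, passes openssl's
# purpose check for ROLE, and explicitly carries the EKU OpenVPN looks for.
# A server cert with no EKU passes the plain chain check but fails here,
# which is what a client with "remote-cert-tls server" does at TLS time.
check_cert() {
    local name=$1 role=$2 purpose want
    case $role in
        server) purpose=sslserver; want='TLS Web Server Authentication' ;;
        client) purpose=sslclient; want='TLS Web Client Authentication' ;;
        *) return 2 ;;
    esac
    openssl verify -CAfile "$PKI/ca.crt" -purpose "$purpose" "$PKI/$name.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$PKI/$name.crt" -noout -ext extendedKeyUsage 2>/dev/null | grep -q "$want"
}

# build_pki: the full chain, plus one deliberately EKU-less server cert.
build_pki() {
    make_ca
    issue_cert vpn.example.net server
    issue_cert user1 client
    issue_cert legacy none
}

build_pki
for spec in "vpn.example.net server" "user1 client" "legacy server" "user1 server"; do
    set -- $spec
    if check_cert "$1" "$2"; then echo "$1: usable as $2"; else echo "$1: REJECTED as $2"; fi
done
echo "files in $PKI"
```

The files map onto the OpenVPN server settings one to one: ca.crt is the peer CA, vpn.example.net.crt/.key is the server certificate, and user1.crt/.key goes to the client. The "legacy" certificate shows why a by-hand setup that validates fine with `openssl verify` can still be refused by clients: without the serverAuth EKU, `remote-cert-tls server` fails the handshake.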