On Mon, Aug 22, 2016 at 3:33 PM, Dreetjeh D <[email protected]> wrote:
> The OVPN-Client is a NAS and ip_forward is enabled. > > I also added > iptables -t nat -I POSTROUTING 1 -s 0.0.0.0/0 -o bond0 -j MASQUERADE > > to make the LAN behind it available. There is a existing one for tun0 > which the NAS does "by itself". > Would it be better to set a route on modem2 ??? ...instead of MASQ on NAS > but I have no access to modem2 at the moment, forgot password and is in > another country. > > Unfortunately Server and Client are both NAT`ed and cannot change that. > > > Windows 7 <--> pfSense <--> Modem1 <--WAN--> Modem2 <--> NAS > > > pfSense is Server, Site-to-Site with ccd > > > <Windows 7-192.168.30.9> <LAN-192.168.30/24> pfSense <WAN-192.168.11.11> > <LAN-192.168.11/24> Modem1 <WAN> > > <WAN> Modem2 <192.168.5/24> <NAS-192.168.5.250> > > > vpn-net is 192.168.158/24 > > pfSense server is 192.168.158.1 > > NAS is 192.168.158.3 > > > Windows 7 with standard GW-192.168.30.1 can reach LAN "behind" NAS > > So that works but only I do not succeed to make NAS the GW for Windows 7. > Guess you want all out-of-LAN traffic from the win7 box (192.168.30.9) to go through the VPN to the NAS and then exit out of it. First make sure you can ping 192.168.5.1 (modem2' LAN interface?) from win7. On win7: change the default gateway to pfsense (192.168.30.?) On pfSense: Add a direct route to the public IP of NAS (modem2's WAN IP?). Change pfsense's default gateway to the vpn IP of NAS. If you do not want to change the gateway of pfsense, have a routing policy that makes all packets with source = 192.168.30.9 go through the VPN. Source-NAT the win7's address on modem2 -- alternatively NATing on NAS may work if double NAT is ok. Selva
------------------------------------------------------------------------------
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
