Hello,
Thanks for the time.

>Guess you want all out-of-LAN traffic from the win7 box (192.168.30.9) to go
>through the VPN to the NAS and then exit out of it.

You probably did not read the whole mail, but that is no problem :)
The goal is to have "VPN-ON.cmd" and "VPN-OFF.cmd" on Win7 so one can select when to go over the VPN and exit at NAS/Modem2.

>First make sure you can ping 192.168.5.1 (modem2's LAN interface?) from win7.

Yes, the 192.168.5/24 is available to the Win7, 192.168.30/24.
The other way around is also the case.

>On win7: change the default gateway to pfsense (192.168.30.?)

This was and still is the case.
I thought changing the GW on Win7 could make it go over the VPN, but I seem to be unable to change the GW properly.
It's Win7 Home, by the way.

>On pfSense: Add a direct route to the public IP of NAS (modem2's WAN IP?).
>Change pfsense's default gateway to the vpn IP of NAS.

I think this will lead to the whole 192.168.30/24 (also VLANs) going over the VPN?
I just want Win7 to go over the VPN with VPN-ON.cmd and VPN-OFF.cmd.

>If you do not want to change the gateway of pfsense, have a routing policy
>that makes all packets with source = 192.168.30.9 go through the VPN.

This will make Win7 always go over the VPN?

>Source-NAT the win7's address on modem2 -- alternatively NATing on NAS may
>work if double NAT is ok.
>Selva

I currently have no access to Modem2.
So I NAT'ed on the NAS, after which the 192.168.5/24 became available to pfSense and thus to all LANs/VLANs behind it.
I will firewall that after this is working.
But I think setting a route on Modem2 is better?

As soon as time permits I will post a diagram somewhere; maybe the situation will be more clear.

Thanks again.

________________________________
From: Selva Nair <[email protected]>
Sent: Tuesday 23 August 2016 01:17:06
To: Dreetjeh D
CC: Alarig Le Lay; debbie10t; openvpn users list ([email protected])
Subject: Re: [Openvpn-users] Client as exit point?

On Mon, Aug 22, 2016 at 3:33 PM, Dreetjeh D <[email protected]> wrote:

> The OVPN-Client is a NAS and ip_forward is enabled.
> I also added
>
>     iptables -t nat -I POSTROUTING 1 -s 0.0.0.0/0 -o bond0 -j MASQUERADE
>
> to make the LAN behind it available.
> There is an existing one for tun0 which the NAS does "by itself".
>
> Would it be better to set a route on modem2 ???
> ...instead of MASQ on NAS, but I have no access to modem2 at the moment; forgot the password and it is in another country.
>
> Unfortunately Server and Client are both NAT'ed and I cannot change that.
>
> Windows 7 <--> pfSense <--> Modem1 <--WAN--> Modem2 <--> NAS
>
> pfSense is Server, Site-to-Site with ccd
>
> <Windows 7-192.168.30.9> <LAN-192.168.30/24> pfSense <WAN-192.168.11.11> <LAN-192.168.11/24> Modem1 <WAN> <WAN> Modem2 <192.168.5/24> <NAS-192.168.5.250>
>
> vpn-net is 192.168.158/24
> pfSense server is 192.168.158.1
> NAS is 192.168.158.3
>
> Windows 7 with standard GW-192.168.30.1 can reach the LAN "behind" the NAS.
> So that works, only I do not succeed in making the NAS the GW for Windows 7.

Guess you want all out-of-LAN traffic from the win7 box (192.168.30.9) to go
through the VPN to the NAS and then exit out of it.

First make sure you can ping 192.168.5.1 (modem2's LAN interface?) from win7.

On win7: change the default gateway to pfsense (192.168.30.?)

On pfSense: Add a direct route to the public IP of NAS (modem2's WAN IP?).
Change pfsense's default gateway to the vpn IP of NAS.

If you do not want to change the gateway of pfsense, have a routing policy
that makes all packets with source = 192.168.30.9 go through the VPN.

Source-NAT the win7's address on modem2 -- alternatively NATing on NAS may
work if double NAT is ok.

Selva
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
