Here's what we are trying to do. I've got pfSense up and I've got 5 WAN IP addresses in the WAN subnet.

        a.b.c.d
        a.b.c.d+1
        a.b.c.d+2
        a.b.c.d+3
        a.b.c.d+4

I would like to NAT by specific address, and add VPN functionality to only specific IPs. So d is our primary for most traffic, d+1 should get OpenVPN traffic, d+2 to d+4 should NAT to specific machines. A few ports on each are fine, though we could do a full on 1:1 NAT if needed.

My question is how, precisely, to go about this. That is, I have the major functions (ssh, web, mail) traversing the d address, and NATting to a specific set of machines handling those functions. That works well. How do I get the NATting working on the other IPs? IP Aliasing the WAN address and then mapping to that alias? I ask as I've tried quite a few things that seem sensible, and none of them work.

Now I want to set OpenVPN on d+1. Should I IP Alias the d+1 and give it a name? And while I am at it, is there a way to debug the OpenVPN setup? I've set OpenVPN up many a time by hand, without problems. My first attempts now ... I can't even get it to start negotiating. OpenVPN is quite finicky, but I think this is repeated pilot error on my part, and it's mostly with the user interface. Do I need to build the CA, then the server certs, then the user certs for this (this is what I've done)?

I am assuming pfSense can handle what I want here, both on the NATting and OpenVPN side. But I seem to be lost on this. I've set up many such systems (using different appliances and software stacks) in the past ... not a complete noob ... but I did get stuck here. Any hints are welcome, and I'm going to keep poring over the book.

Thanks!

--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics Inc.
email: land...@scalableinformatics.com
web  : http://scalableinformatics.com
       http://scalableinformatics.com/sicluster
phone: +1 734 786 8423 x121
fax  : +1 866 888 3112
cell : +1 734 612 4615
