On Thu, Jan 28, 2010 at 3:20 PM, Chris Roubekas <[email protected]> wrote: > I was told that NATing my OpenVPN clients to local LAN IP would do the trick > of avoiding the routing from the far side (as far side is not under my > authority). > Can anyone tell me how to do this in pfSense??
Yes but that's a hack. I'm not sure if it would work in combination with IPsec, I know it works for routing traffic into the LAN, or across other OpenVPN connections. If you add outbound NAT on LAN for the source of the OpenVPN IPs it'll work for traffic going into LAN, not sure about traffic leaving over IPsec. You never add static routes in combination with IPsec (short of the one exclusion for traffic initiated by the firewall itself detailed in the FAQ), they won't do anything, traffic must match the SPD which is strictly what you configure in the tunnel local/remote. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
