PFSense masking OpenVPN Client IP

drizzlezap · May 6, 2020, 4:24pm

Hi

Is there any way in PFSense to mask the IP of someone connecting and mask the IP as coming from a different range?

I have some device on the internal LAN with only accept communication from the same IP range. Means, when connecting to OpenVPN, I get into range 10.10.10.xx and the devices in question are on my internal IP range wich is 192.168.1.xx.

Are there any rules or routes I could set?

The only solution I found, is to reserve few IP’s in the DHCP server and setting the tunnel network of the open VPN server to the same as the internal (192.168.1.0/24).

Greetings

risk · May 6, 2020, 4:27pm

Like NAT? Sure.

Edit: actually not sure if it’s possible to set it for a single IP only just through the UI. It’s possible to add custom pf rules to do binat only when this one strange device is involved.

drizzlezap · May 6, 2020, 4:57pm

Not sure if I fully understand what you actually mean. Do you have something I can read into or maybe further explain what you mean exactly?

risk · May 7, 2020, 6:09am

https://www.openbsd.org/faq/pf/nat.html

Same principle as when you’re routing a whole bunch of computers on your home network to the internet, using only the IP address of your router.

In this case you’d be connecting a host behind OpenVPN to something on your LAN, using your router (pfsense) address.

The tricky part is that you only need to do it destination IP is your “stupid device”, that can only talk to LAN IPs.