Todo #15796

open

Feedback on Client Routing and Gateway Considerations

Added by Andrew Almond about 1 month ago. Updated 30 days ago.

Status: New
Priority: Normal
Assignee:
Category: IPsec
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:

Description

https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/client-routing.html

Outbound NAT is not listed as an option when it is a great solution with minimal or no side effects.

Create an Outbound NAT rule with the source network as the remote network, and NAT it to the interface and address of the local VPN endpoint. Following the illustration on the page:

Create the Outbound NAT rule on the Site A VPN Endpoint (10.3.0.20).
Interface: FW LAN
Protocol: Any
Source: 10.5.0.0/24
Destination: 10.3.0.0/24
Address: Interface Address

The result is that all traffic from Site B (10.0.5.0) will appear to be coming from 10.3.0.20, which the existing LAN Gateway will naturally route. This does mask the true source of the traffic from Site A's perspective, but that's not a concern in many cases.
