Project

General

Profile

Actions

Todo #15796

open

Feeback on Client Routing and Gateway Considerations

Added by Andrew Almond 7 days ago. Updated 6 days ago.

Status:
New
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/client-routing.html

Outbound NAT is not listed as an option when it is a great solution with minimal or no side effects.

Create an Outbound NAT rule with the source network as the remote network, and NAT it to the interface and address of the local VPN endpoint. Following the illustration on the page:

Create the Outbound NAT rule on the Site A VPN Endpoint (10.3.0.20).
Interface: FW LAN
Protocol: Any
Source: 10.5.0.0/24
Destination: 10.3.0.0/24
Address: Interface Address

The result is that all traffic from Site B (10.0.5.0) will appear to be coming from 10.3.0.20, which the existing LAN Gateway will naturally route. This does mask the true source of the traffic from Site A's perspective, but that's not a concern in many cases.

Actions

Also available in: Atom PDF