OPENVPN Client and NAT'ing

wvwavere
OpenVpn Newbie
Posts: 2
Joined: Sun Dec 05, 2010 8:24 pm

OPENVPN Client and NAT'ing

Post by wvwavere » Sun Dec 05, 2010 8:36 pm

Hi,

I have an OPENVPN server in our datacenter. We have openvpn clients at all customer sites used to set up L3 tunnels and L2 bridges.

Our requirement is to have the L3 traffic routed down the tunnel and not perform NAT'ing anywhere so that the original source and destination addresses remain.
All our other customer OPENVPN clients work without any problems, but for a new one I recently set up, traffic from our Datacenter to the customer site gets NAT'ed behind the OPENVPN client BR0 IP address after exiting the tunnel. I compared my config to others I know work, but can't find the cause of this. I am no expert at *nix operating systems, but can wind my way around.

Here is the client conf file:
# MAC Address of device
MAC=00:01:c0:05:fc:de

## Which terminator the client should connect to
TERM_IP=10.0.208.93

## Configure VLAN ID of client bridge
VLANID=127

## Specify PKCS12 file for the bridge server (CA cert, server key, server cert)
PKCS12=/etc/openvpn/easy-rsa/keys/vlan127-server.p12

## Specify local/remote IP address to be assigned to client for the routed P-t-P link
IP="172.17.255.127 172.17.255.1"

## Specify NAT ip addresses assigned to client (space separated)
#NAT_SRC="10.252.1.1 10.252.1.2 10.252.1.3 10.252.1.4 10.252.1.5 10.252.1.6 10.252.1.7 10.252.1.8 10.252.1.9"
#NAT_DST="192.168.1.4 192.168.1.45 192.168.1.28 192.168.1.39 192.168.1.37 192.168.1.36 192.168.1.12 192.168.1.2 192.168.1.58"
NAT_SRC=""
NAT_DST=""

## Specify any directly routable destinations
DCT="192.168.1.4 192.168.1.45 192.168.1.28 192.168.1.39 192.168.1.37 192.168.1.36 192.168.1.12 192.168.1.2 192.168.1.58"

## Specify the port that the LII client should connect to
L2_TERM_PORT=10127

wvwavere
OpenVpn Newbie
Posts: 2
Joined: Sun Dec 05, 2010 8:24 pm

Re: OPENVPN Client and NAT'ing

Post by wvwavere » Sun Dec 05, 2010 8:56 pm

Maybe just to explain further.
We have an existing openvpn Server, but recently created a second one. This is the first connection actually running on the second one.

Traffic flow is as follows:
Source server --> VPN Server  --> wan       --> vpn client --> customer firewall --> dest server
10.0.208.148      10.0.208.93     10.32.9.0     10.32.9.10     10.32.9.9             192.168.1.4

I am expecting to see 10.0.208.148 as source on the customer firewall, but am getting 10.32.9.10.

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: OPENVPN Client and NAT'ing

Post by gladiatr72 » Thu Dec 23, 2010 4:21 pm

May I assume that you aren't using the "community" version of OpenVPN? If not, you'll need to get in touch with the OpenVPN team via the support link on the main web site.

-Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
