I have a private network of 192.168.100.0/24. My public IP is 78.83.163.141.
I have two VMs running pfSense Community Edition 2.6.0 and respectively OpenVPN Server 2.5.4.
Both VMs have a single network interface set as WAN with addresses from the private network: 192.168.100.10 and 192.168.100.11.
I've configured HA between them with CARP IP 192.168.100.12.
The OpenVPN server is set to UDP 61194 with a tunnel network of 192.168.104/24.
I've added an outbound NAT for 192.168.104/24 to the CARP IP 192.168.100.12 (so that all OpenVPN packets are routed through the CARP).
I've added a NAT on my public IP, port 61194 to 192.168.100.12, port 61194 (public to CARP).
The whole thing works except:
- I see as client IP the IP of the router, not the real public IP address of the client
- I receive the following error when connecting:
    Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1683797029) 2023-05-11 12:23:49 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
  and in the server logs I see:
    MULTI: bad source address from client , packet dropped
I'd appreciate any help so I can clear those errors. If you need more information, I'd be glad to share it.