mJh78B
Dabbler
- Joined
- Apr 2, 2022
- Messages
- 20
I have set up an OpenVPN server using the web GUI "Services" tab on my TrueNAS installation. The devices on my home network have IPs from 192.168.1.0/24 (TrueNAS server is 192.168.1.3), and OpenVPN is giving 192.168.2.0/24 to VPN clients. I have enabled IP packet forwarding in the
However, if VPN clients try to use the VPN as their gateway to the internet, the traffic never returns because, I assume, my router doesn't perform NAT on the 192.168.2.0/24 from-IPs coming out of the OpenVPN server. I've messed with
So, my main question: Is there any way to set up NAT on the TrueNAS/OpenVPN server so that the 192.168.2.0/24 IPs of the VPN clients are translated to 192.168.1.3 before ever leaving the box?
If not, would it be easier to set up the OpenVPN server inside a jail? It seems like this is something a lot of people want to do (and is essentially what all commercial VPN services do), but I haven't been able to find a solution yet.
System > Tuneables
area and added a static route in my router to allow the traffic intended for VPN clients to return back through 192.168.1.6. I am now able to access devices on my LAN through the VPN (though no mDNS, very sad, but seems impossible).However, if VPN clients try to use the VPN as their gateway to the internet, the traffic never returns because, I assume, my router doesn't perform NAT on the 192.168.2.0/24 from-IPs coming out of the OpenVPN server. I've messed with
pf
and ipfw
trying to set up NAT, but TrueNAS basically breaks everything I do, and it seems like touching firewalls is generally frowned upon on these forums.So, my main question: Is there any way to set up NAT on the TrueNAS/OpenVPN server so that the 192.168.2.0/24 IPs of the VPN clients are translated to 192.168.1.3 before ever leaving the box?
If not, would it be easier to set up the OpenVPN server inside a jail? It seems like this is something a lot of people want to do (and is essentially what all commercial VPN services do), but I haven't been able to find a solution yet.