Run OpenVPN server on alias IP

0

I want to configure an OpenVPN server that works on an alias IP. I changed the client config to use the alias IP as remote and added "local 188.xx.xx.55" to the OpenVPN config, which is our alias IP. I also set "natd_interface=188.xx.xx.55", which is again the alias IP. When the VPN connects and I check my public IP, it displays xx.xx.207.4, which is the original IP, not the alias IP we want it to work on. Can anyone please guide me on how to make it work, either with natd or PF? If you want any more info, just ask in the comments and I'll post it.

Correction: the ipfw rule "00050 divert 8668 ip4 from any to any via bge0" is configured, which might be causing the issue. Please look at my IP configuration below.

bge0: flags=8843 metric 0 mtu 1500
        options=c019b
        ether xx:xx:97:xx:e5:xx
        hwaddr xx:xx:97:xx:e5:xx
        inet xx.xx.207.4 netmask 0xffffffc0 broadcast xx.xx.xx.63
        inet 188.xx.xx.55 netmask 0xffffffff broadcast 188.xx.xx.55
        nd6 options=29
        media: Ethernet autoselect (1000baseT )
        status: active

openvpn.conf:

local 188.xx.xx.55
port 50983
push "route 188.xx.xx.55 255.255.255.255"
askpass
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
verify-client-cert none
plugin /usr/local/lib/openvpn/plugins/open$
status openvpn-status.log
verb 3
push "redirect-gateway autolocal def1"
push "redirect-gateway local def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

rc.conf:

firewall_enable="YES"
firewall_type="open"
hostname="example.com"
ifconfig_bge0="inet xx.xx.207.4 netmask 255.255.255.197"
defaultrouter="xx.xx.207.1"
ifconfig_bge0_alias0="inet 188.xx.xx.55 n$
gateway_enable="YES"
natd_enable="YES"
natd_flags="-alias_address 188.xx.xx.55"
openvpn_enable="YES"
openvpn_if="tun"

ipfw rules:

00050 divert 8668 ip4 from any to any via bge0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe$
00800 allow ipv6-icmp from fe80::/10 to ff$
00900 allow ipv6-icmp from any to any ip6 $
01000 allow ipv6-icmp from any to any ip6 $
65000 allow ip from any to any
65535 deny ip from any to any

openvpn
ip-aliasing
asked on Server Fault Oct 24, 2018 by Zquest • edited Oct 24, 2018 by Zquest

2 Answers

2

You're actually using natd for NAT, as this is FreeBSD and your ipfw rule uses a divert socket to forward traffic to it. Look at your /etc/rc.conf for the natd_interface option; it is currently set to your output interface name.

By default, with this configuration, natd will use the primary address of the specified interface as the masquerade address. To change this behavior, you have to remove the natd_interface stanza from rc.conf altogether and change the natd_flags line there (or create one if it doesn't exist) to include this:

natd_flags="-alias_address A.B.C.D"

where A.B.C.D is your desired masquerade IP address.

answered on Server Fault Oct 24, 2018 by Peter Zhabin
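A small audit script for the rule the answer above gives, added here as an example and not code from the original post or from FreeBSD. It parses an rc.conf, predicts which address natd will masquerade with (the interface's primary address whenever natd_interface is set, otherwise whatever -alias_address in natd_flags says), and produces the corrected configuration with natd_interface dropped. The sample rc.conf is constructed to mirror the poster's layout; 192.0.2.4 (primary) and 198.51.100.55 (alias) are RFC 5737 documentation addresses standing in for xx.xx.207.4 and 188.xx.xx.55. The handling of a dotted-quad natd_interface (rc.d/natd turning it into -a rather than -n) is an assumption about the rc script, marked as such in the code.

```python
"""Predict natd's masquerade address from rc.conf and emit the fix.

Added example (not from the original post or from FreeBSD). Encodes the
answer's rule: with natd_interface set, natd masquerades with that
interface's primary address, so -alias_address in natd_flags only takes
effect once the natd_interface stanza is removed.
"""
import re
import shlex

IPV4 = r"\d+\.\d+\.\d+\.\d+"

# Constructed sample: the poster's layout, with natd_interface still present.
SAMPLE_RC_CONF = """\
gateway_enable="YES"
firewall_enable="YES"
ifconfig_bge0="inet 192.0.2.4 netmask 255.255.255.192"
ifconfig_bge0_alias0="inet 198.51.100.55 netmask 255.255.255.255"
natd_enable="YES"
natd_interface="bge0"
natd_flags="-alias_address 198.51.100.55"
"""


def parse_rc_conf(text):
    """Parse name="value" lines into a dict; comments and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$", line)
        if m:
            name, raw = m.groups()
            conf[name] = " ".join(shlex.split(raw))  # strip the sh quoting
    return conf


def alias_address_flag(natd_flags):
    """Return the address given to -a / -alias_address in natd_flags, or None."""
    args = shlex.split(natd_flags)
    for i, arg in enumerate(args[:-1]):
        if arg in ("-a", "-alias_address"):
            return args[i + 1]
    return None


def primary_address(conf, iface):
    """First inet address on ifconfig_<iface>, i.e. the interface's primary IP."""
    m = re.search(r"\binet\s+(" + IPV4 + ")", conf.get("ifconfig_" + iface, ""))
    return m.group(1) if m else None


def configured_addresses(conf):
    """Every IPv4 address assigned through ifconfig_* lines, aliases included."""
    found = set()
    for name, value in conf.items():
        if name.startswith("ifconfig_"):
            found.update(re.findall(r"\binet\s+(" + IPV4 + ")", value))
    return found


def effective_masquerade(conf):
    """Return (source, address) that natd will use as the masquerade address."""
    if conf.get("natd_enable", "NO").upper() != "YES":
        return ("natd disabled", None)
    iface = conf.get("natd_interface", "")
    if iface and re.fullmatch(IPV4, iface):
        # Assumption: rc.d/natd passes a dotted-quad natd_interface as "-a addr".
        return ("natd_interface address", iface)
    if iface:
        # "-n iface": the interface's primary address wins over -alias_address.
        return ("interface " + iface, primary_address(conf, iface))
    alias = alias_address_flag(conf.get("natd_flags", ""))
    if alias:
        return ("-alias_address", alias)
    return ("no aliasing address", None)


def fix_masquerade(conf, alias_ip):
    """Copy of conf with natd_interface removed and -alias_address set to alias_ip.

    Refuses an address that no ifconfig_* line assigns, since natd would then
    rewrite source addresses to an IP the host does not answer for.
    """
    if alias_ip not in configured_addresses(conf):
        raise ValueError(alias_ip + " is not configured on any interface")
    fixed = dict(conf)
    fixed.pop("natd_interface", None)  # the stanza the answer says to drop
    kept, skip = [], False
    for arg in shlex.split(fixed.get("natd_flags", "")):
        if skip:
            skip = False
        elif arg in ("-a", "-alias_address"):
            skip = True  # drop any existing alias flag and its argument
        else:
            kept.append(arg)
    fixed["natd_flags"] = " ".join(kept + ["-alias_address", alias_ip])
    return fixed


def render_rc_conf(conf):
    """Serialize back to name="value" lines for pasting into rc.conf."""
    return "".join('%s="%s"\n' % (k, v) for k, v in conf.items())


if __name__ == "__main__":
    before = parse_rc_conf(SAMPLE_RC_CONF)
    print("before:", effective_masquerade(before))
    after = fix_masquerade(before, "198.51.100.55")
    print("after: ", effective_masquerade(after))
    print(render_rc_conf(after))
```

After applying the rendered rc.conf, natd has to be restarted for the new flags to take effect; the divert rule itself does not change, since it only decides which packets reach natd, not which address natd rewrites them to.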
-1

Finally it worked. I restarted netif and routing too, along with natd. +1 for @Peter Zhabin. Thank you so much, brother. You finally saved me. Sadly my reputation is not greater than 15, as I am new here too, so I can't upvote your answer, but your solution does work.

answered on Server Fault Oct 24, 2018 by Zquest • edited Oct 24, 2018 by Zquest

User contributions licensed under CC BY-SA 3.0