I want to configure OpenVPN server that works on alias IP. I changed the client config to have alias IP as remote and added "local 188.xx.xx.55" in OpenVPN config which is our alias IP. Also set "netd_interface=188.xx.xx.55" which is again alias ip. When the VPN connects and I check my public IP it displays xx.xx.207.4 which is the original IP not the alias IP we want it to work on. Can anyone please guide me how to make it work either with NATD or PF? If you want any more info just ask in comments and I'll post it.
Correction: "00050 divert 8668 ip4 from any to any via bge0" this ipfw rule is configured which might be causing the issue. Please look at my IP configuration below.
bge0: flags=8843 metric 0 mtu 1500 options=c019b ether xx:xx:97:xx:e5:xx hwaddr xx:xx:97:xx:e5:xx inet xx.xx.207.4 netmask 0xffffffc0 broadcast xx.xx.xx.63 inet 188.xx.xx.55 netmask 0xffffffff broadcast 188.xx.xx.55 nd6 options=29 media: Ethernet autoselect (1000baseT ) status: active
openvpn.conf: local 188.xx.xx.55 port 50983 push "route 188.xx.xx.55 255.255.255.255" askpass proto udp dev tun ca ca.crt cert server.crt key server.key dh dh.pem server 10.8.0.0 255.255.255.0 keepalive 10 120 comp-lzo persist-key persist-tun verify-client-cert none plugin /usr/local/lib/openvpn/plugins/open$ status openvpn-status.log verb 3 push "redirect-gateway autolocal def1" push "redirect-gateway local def1" push "dhcp-option DNS 18.104.22.168" push "dhcp-option DNS 22.214.171.124"
rc.conf: firewall_enable="YES" firewall_type="open" hostname="example.com" ifconfig_bge0="inet xx.xx.207.4 netmask 255.255.255.197 defaultrouter="xx.xx.207.1" ifconfig_bge0_alias0="inet 188.xx.xx.55 n$ gateway_enable="YES" natd_enable="YES" natd_flags="-alias_address 188.xx.xx.55" openvpn_enable="YES" openvpn_if="tun"
ipfw rules: 00050 divert 8668 ip4 from any to any via bge0 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 00400 deny ip from any to ::1 00500 deny ip from ::1 to any 00600 allow ipv6-icmp from :: to ff02::/16 00700 allow ipv6-icmp from fe80::/10 to fe$ 00800 allow ipv6-icmp from fe80::/10 to ff$ 00900 allow ipv6-icmp from any to any ip6 $ 01000 allow ipv6-icmp from any to any ip6 $ 65000 allow ip from any to any 65535 deny ip from any to any
You're actually using
natd for NAT, as this is FreeBSD and your
ipfw rule uses divert socket to forward traffic to it. Look at your
nat_interface option, it is currently set to your output interface name.
By default, with this configuration,
natd will use primary address of the specified interface as a masquerade.
To change this behavior, you have to remove
natd_interface stanza altogether from
rc.conf, and change your
natd_flags line there (or create one if it doesn't exist) to include this:
Where A.B.C.D should be your desired masquerade IP address.
finally it worked. I restarted natif and routing too along with natd. +1 for @Peter Zhabin. thank you brother so much. you finally saved me. Sadly my repution is not grater then 15 as i am new here too so i can't up vote your answer but your solution does work.
User contributions licensed under CC BY-SA 3.0