pfSense Forum

pfSense English Support => General Questions => Topic started by: repomanz on November 10, 2017, 04:02:03 pm

Title: xboxone / strict nat and VPN
Post by: repomanz on November 10, 2017, 04:02:03 pm
Hey everyone.

I'm beating my head against the wall here as I don't understand why xboxone NAT is not working when I try to VPN some clients (not the xbox).

Key point here: I have a fully functional xbox one with open NAT based on the guide linked in this forum. XboxOne is working, works well. However, the moment I attempt to VPN any traffic to my internal clients I completely break the NAT for xbox one.

Outbound rules (in order):

1) xbox static outbound rule is #1 in the list and is bound to WAN
2) LAN 1 subnet
3) LAN 2 subnet
4) openvpn interface #1
5) openvpn interface #2
6) openvpn interface #3
7) openvpn interface #4
8) openvpn interface #5

LAN 1 network is routed out through vpn client gateway group (openvpn interface #1 - #5)
LAN 2 network (where xbox lives) is routed out through WAN

All clients perform as they should.  I get a VPN address for clients in LAN 1.  Clients in LAN 2 get my WAN IP.   However with this configuration the NAT type is now broken. 

What can I check for here to see if additional configurations are required? It's clear I'm missing a configuration with the VPN, interfaces or do not fully understand how VPN and NAT work together.


JJ


Title: Re: xboxone / strict nat and VPN
Post by: repomanz on November 11, 2017, 03:41:58 pm
Hi everyone. I've solved this on my own and so I figured I'd inform others of the solution.

Under the vpn client configuration details for each openvpn client, check the box "don't pull routes".  This resolved the issue I was having.

** edit - I now have a DNS leak so I'll have to figure that out.