PFSense OpenVPN IP masking


Is there any way in PFSense to mask the IP of someone connecting (in my case it’s me only anyway) and mask the IP as coming from a different range?

I have some devices on the internal LAN which only accept communication from the same IP range. That means, when connecting to OpenVPN, I get into range 30.30.30.xx and the devices in question are on my internal IP range, which is 192.168.xx.xx.

Are there any rules or router I could set?


Sounds like the 30.30.30.xx IP range is from your OpenVPN tunnel network, just change it to something not already used, that might work.

Hi neogrid

That is correct, 30.xx is the VPN Tunnel Network and the preferred setup. Unfortunately the devices have to be on the exact same range. That means I would have to specify the same network for the vpn tunnel as the internal network.

Let’s say the device in question is on, then I would have to be on 192.168.1.x to make it work and specify as tunnel network.

When specifying the same IP range as internal like you suggest it works, but I am not sure if there will be weird issues or behaviour in certain situations, since I will have IP duplication. For example I get (since I’m the only one on the tunnel network) and that IP address could already be taken.

My understanding of networking unfortunately is too limited to estimate the impact in certain situations.

You need to have rules to direct the traffic between the tunnel network and your lan. It works for me over vlans so I’ll assume it’s basically the same for physical lans. Just think of your OpenVPN server as being on another network, then go from there.

Didn’t find a solution for my specific problem, however the workaround is to define the VPN tunnel network in the same IP range as the devices having these limitations are in. In the above example it would be However you will get duplicated IP addresses, but somehow it works.

But I’m sure there could be some weird network problems or behaviours in certain situations. At least I know where to search first in case I would encounter any of those. Reserving some range in the local DHCP server could be a workaround for this.

As an addition to your answer:
The rules had been set and the IP ranges knew each other, however my goal was to mask the origin of the VPN device to appear in the same network.
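
Added example, not part of any post in this thread: a small check for the duplicate-address risk raised above when the tunnel network is placed inside the LAN range, plus a search for a block of the LAN that neither the DHCP pool nor a known static host uses. The LAN, DHCP pool and static host values are constructed for illustration; the check covers address duplication only, not routing.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
LAN = "192.168.1.0/24"
DHCP_POOL = ("192.168.1.100", "192.168.1.199")   # first and last leased address
STATIC_HOSTS = ["192.168.1.1", "192.168.1.10"]   # e.g. gateway and a fixed device


def audit_tunnel(lan, tunnel, dhcp_pool, static_hosts):
    """Report where a proposed tunnel network collides with LAN addressing."""
    lan_net = ipaddress.ip_network(lan)
    tun_net = ipaddress.ip_network(tunnel)
    result = {"overlaps_lan": tun_net.overlaps(lan_net),
              "dhcp_clash": None, "static_clash": []}
    if not result["overlaps_lan"]:
        return result  # separate ranges: no duplicate addresses possible
    # Intersect the tunnel's address span with the DHCP pool's span.
    lo = max(tun_net[0], ipaddress.ip_address(dhcp_pool[0]))
    hi = min(tun_net[-1], ipaddress.ip_address(dhcp_pool[1]))
    if lo <= hi:
        result["dhcp_clash"] = (str(lo), str(hi))
    # Static hosts whose address a VPN client could also be handed.
    result["static_clash"] = [h for h in static_hosts
                              if ipaddress.ip_address(h) in tun_net]
    return result


def first_free_block(lan, prefix, dhcp_pool, static_hosts):
    """Return the first /prefix block of the LAN with no DHCP or static clash."""
    for cand in ipaddress.ip_network(lan).subnets(new_prefix=prefix):
        r = audit_tunnel(lan, str(cand), dhcp_pool, static_hosts)
        if r["dhcp_clash"] is None and not r["static_clash"]:
            return str(cand)
    return None


if __name__ == "__main__":
    # Tunnel network set to the whole LAN range, as in the workaround.
    print(audit_tunnel(LAN, LAN, DHCP_POOL, STATIC_HOSTS))
    # A separate tunnel range, as in the original setup.
    print(audit_tunnel(LAN, "30.30.30.0/24", DHCP_POOL, STATIC_HOSTS))
    # Smallest-effort fix for duplicates: a block nothing else is using.
    print(first_free_block(LAN, 28, DHCP_POOL, STATIC_HOSTS))
```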

Well I can say that I have defined as my tunnel network, it comes in to for my ISP vLAN. This is only possible because I have a rule on OpenVPN Server that allows it to see the network. Without that rule it would only see its own network, I suspect this is occurring in your situation.

Put it another way, if you can set up two vlans and they can see each other then you have the rules correct, mirror those on your OpenVPN server rules.