Good Morning All,
Hope you are doing well.
I’m currently looking into providing an OpenVPN service so integrators can access their respective systems. We had OpenVPN server running on a PFsense, which we still are, but due to our SpeedFusion setup, NAT is getting in the way of it. This is the current topology:
Starlink Public IP (100.100.23.80 as an example) > Pepwave SDX 172.17.50.x/24 > PFSense (OpenVPNServer) > VLANS.
I was wondering if there is a way to skip NAT for this particular service? I have 4 SDX Uplink VLAN interfaces for this. I could use one specifically for this setup.
Any advice is greatly appreciated.
Thank you
In order to “skip NAT” for this, you would need a /30 or larger to give you multiple IPs, and then provide one of them directly to your PFsense box (assuming you wanted to continue hosting on the PFSense box).
One additional note, you say “Starlink Public IP(100.100.23.80…)” but that is not a public IP, that is a CGNAT address which is not publicly routable. In this case you would actually not be able to host OpenVPN at all with the SDX or PFSense acting as an OpenVPN server due to no publicly accessible IP for clients to reach.
There are a few ways to do this with FusionHub or a Peplink device as an appliance in a location with a public IP that is connected via SpeedFusion to your SDX.
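Added example, not part of the original thread: a Python check that classifies each WAN address in a chain like the one described above and reports whether an inbound service such as OpenVPN can be hosted behind it. The function names, the `172.17.50.10` host address and the `203.0.113.10` stand-in for a real public IP are constructed for illustration.

```python
import ipaddress

# IPv4 ranges that are not reachable from the internet (checked in order).
NON_PUBLIC = [
    ("cgnat", ipaddress.ip_network("100.64.0.0/10")),    # RFC 6598 shared space
    ("rfc1918", ipaddress.ip_network("10.0.0.0/8")),
    ("rfc1918", ipaddress.ip_network("172.16.0.0/12")),
    ("rfc1918", ipaddress.ip_network("192.168.0.0/16")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
]

def classify(addr):
    """Return the range label for an IPv4 address, or 'public' if none match."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("this check only handles IPv4")
    for label, net in NON_PUBLIC:
        if ip in net:
            return label
    return "public"  # means: not in any range listed above

def inbound_path(hops):
    """hops: (name, wan_address) pairs ordered from internet edge to server.

    The edge address decides whether clients can reach the site at all: if the
    ISP hands out a CGNAT or private address, no port forward you control can
    fix that. Inner hops with private addresses are NAT layers that each need
    a port forward on the device upstream of them.
    """
    edge_name, edge_addr = hops[0]
    edge_class = classify(edge_addr)
    behind_nat = [name for name, addr in hops[1:] if classify(addr) != "public"]
    return {
        "edge": edge_name,
        "edge_class": edge_class,
        "hostable": edge_class == "public",
        "behind_nat": behind_nat,
    }

if __name__ == "__main__":
    # Topology from the thread; 172.17.50.10 is a constructed host address.
    thread = [("Starlink WAN on SDX", "100.100.23.80"),
              ("PFSense WAN", "172.17.50.10")]
    print(inbound_path(thread))
    # Same chain with a constructed documentation address standing in for a
    # real public IP on the edge.
    fixed = [("Public WAN", "203.0.113.10"), ("PFSense WAN", "172.17.50.10")]
    print(inbound_path(fixed))
```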