Routing IP traffic from client through server openvpn tunnel?

Aryeh Friedman aryeh.friedman at
Sat Jul 4 19:37:44 UTC 2020

On Sat, Jul 4, 2020 at 3:11 PM Ultima <ultima1252 at> wrote:

> The other workaround would be to setup nating on your side, but I would
> recommend against this if avoidable.

What's wrong with a NAT they are often the only time to handle cases where
one side of the connection (typically your ISP but in theory other things
like VM's and the alike).   NAT's also (if properly configured) serve as a
very effective and trivial to configure poorman's firewall (no need to make
weird rules for different ports/services since it is automatically a
one-way routing [you have full routing to the public side of the NAT but
the public side has no routing into the private side).

For example I use double NAT'ing on my home network (since I have always
worked at home as a freelancer it is also my "office" LAN) where I put any
devices that are WiFi only (no physical RJ-45 jack) on the NAT that is
formed by my ISP router and then I use desktop router for all the wired
connections.   This makes it if somehow someone is able to get onto the
WiFi despite the encryption they can not get to anything important (the
printer is the only thing on the WiFi NAT) and if some does manage to get
into the ISP NAT they will not get past the desktop router one (remember
unless you know it is there a NAT is totally invisible to the public side
of the connection).

Please note that I do medical software development and thus by law *MUST*
be HIPAA compliant (among other things end-to-end security and other
security safeguards).   The above setup meets and likely exceeds those

Aryeh M. Friedman, Lead Developer,

More information about the freebsd-questions mailing list