Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT on enc0?

    Scheduled Pinned Locked Moved IPsec
    2 Posts 2 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kiwi_uk
      last edited by

      Hi folks,

      I'm using pfSense 1.2.3rc1's IPSec implementation to connect my local LAN to a remote Linux server using ipsec-tools & racoon. I have set the tunnel up so that it uses the WAN IP of the respective machines as it's remote LAN and I was hoping this would replicate a transport mode setup, which it does seem to do. If I ping the Linux machine from pfSense (logged in via SSH) then the IPSec tunnel is bought up and the two machines can communicate securely.

      What I would like to happen now is that the LAN clients can communicate with this Linux machine but still be NAT'd. This way the Linux server will only ever see traffic from the pfSense's WAN interface. I think what I want is described here:

      http://cvstrac.pfsense.com/tktview?tn=1692

      and this is relevant too:

      http://www.mail-archive.com/pf@benzedrine.cx/msg07969.html

      Currently, any traffic from the LAN is subject to the normal NAT rules (10.0.0.0/24 to WAN IP in this case) and arrives at the Linux box unencrypted. I would like it to go through the IPSec tunnel. I have tried to add a NAT rule using the Web UI but the IPSec interface is not shown on the NAT rule page.

      Anybody got any thoughts on if this is possible or not?

      Thanks,
      Jon

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        There was a bounty for this at some point, but I believe it was withdrawn.

        It's not currently possible, but there were some ideas in the bounty thread. Check the expired bounties board and it should be there.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.