1.2.3 RC3 and NAT-Traversal
-
Hello,
I've searched for an answer to this but need help.
Can someone confirm if PFSense 1.2.3 RC3 supports NAT-Traversal?
I read somewhere that 1.2.3 would, but I am getting a NAT-Traversal error when I try to make an IPSEC tunnel using VPN Tracker to pfSense
Thanks
Jon
-
NAT-T was planned for 1.2.3 but had to be removed.
It caused a lot of regressions and made IPsec unstable for many, many users. It broke tunnel renegotiation, DPD, and other features.
NAT-T will be tried again for 2.0, but it was taken out before 1.2.3-RC3 was released.
-
Ok, thank you for clearing that up. Glad it wasn't me doing something wrong!
I will try PPTP
Jon
-
Is it completely removed and physically not there or is there a hidden setting I can enable in a conf file to get nat transversal to work?
My IPSec Client-Site is down after upgrading from 1.2.3-RC1 to 1.2.3-RC3.
I'm thinking of downgrading if there's no option to do this.
-
It required kernel support and a special build of ipsec-tools, so it has been completely removed, not just hidden.
-
thanks for clearing that up. i've downgraded from 1.2.3-RC3 to 1.2.3-RC1 and remote access VPN is working again. With 1.2.3-RC3 I would see phase 1 then phase 2 but not ESP packets, just lots of phase 2. 1.2.3-RC1 works well enough for me.
hopefully some work gets done on 2.0 in the future. i tried a snapshot on the weekend, i now understand the meaning of "alpha-alpha"
