Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port forwarding to the VPN IPsec tunnel

    Scheduled Pinned Locked Moved
    NAT
    3
    5
    1.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lukaszc
      last edited by

      Hi,
      We have problem in port forwarding to the tunnel VPN IPsec.
      My configuration:

      pfsense1:
      IPsec with 192.168.50.0/24

      pfsense2:
      IPsec with 172.16.33.0/24

      In pfsense2 I add NAT rule on WAN interface with redirect destination port 3342 to ip 192.168.50.128, but it doesn't work.
      I think problem is in selectors in P2 in IPsec.
      It's possible NAT this redirect to IPsec tunnel?
      Thanks fo help.

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        No. IPsec won't do that if you are port forwarding from arbitrary addresses. You don't get reply-to at the 192.168.50.128 side so replies will go out WAN instead of back across the IPsec tunnel.

        You can do that over an OpenVPN tunnel though.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 1
        • L
          lukaszc
          last edited by

          Thanks for reply :)
          It really can't be done on pfsense? We have Fortigate in other location and this works fine with NAT.
          Maybe outbound NAT helps?
          WAN->Outbound NAT->IPsec
          I will also check the OpenVPN solution
          Thanks.

          1 Reply Last reply Reply Quote 0
          • L
            lukaszc
            last edited by

            OK - over an OpenVPN tunnel works fine - Thanks

            P 1 Reply Last reply Reply Quote 0
            • P
              Pernahajder @lukaszc
              last edited by

              @lukaszc
              Hi Lukaszc!
              How can you solve the problem over an OpenVPN?

              1 Reply Last reply Reply Quote 0
              • First post
                Last post