    stephenw10

    Ah, so more likely then it's not a conflict but that your ISP is handing you a technically invalid gateway that's outside the WAN subnet, which is only a single address. Fun.

    There is an option to allow that for providers who decide to ignore the standards. In System > Routing > Gateways edit the dhcp gateway and set 'Use non-local gateway' in the advanced section.

    Steve
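    Added example (not from the thread): a small Python check that reproduces the distinction Steve draws above, between a gateway that actually conflicts with one of your own subnets and one that is merely outside the WAN subnet (always the case when the WAN lease is a /32). The function name and the sample addresses are my own constructions; pfSense itself does not expose this code.

```python
import ipaddress
from typing import Iterable


def classify_dhcp_gateway(wan_cidr: str, gateway: str,
                          lan_cidrs: Iterable[str] = ()) -> str:
    """Classify the default gateway a DHCP lease handed to the WAN interface.

    wan_cidr  - WAN address with its prefix as leased, e.g. "203.0.113.77/32"
    gateway   - the router option from the same lease
    lan_cidrs - locally attached subnets, used to spot a genuine conflict

    Returns one of:
      "local"      gateway lies inside the WAN subnet (the normal case)
      "conflict"   gateway falls inside one of our own LAN subnets
      "non-local"  gateway is outside the WAN subnet; pfSense rejects it
                   unless 'Use non-local gateway' is set on that gateway
    """
    wan_iface = ipaddress.ip_interface(wan_cidr)
    gw = ipaddress.ip_address(gateway)
    if gw.version != wan_iface.version:
        raise ValueError("gateway and WAN address must be the same IP version")
    # A real conflict: the ISP's gateway address sits in a subnet we route locally.
    for cidr in lan_cidrs:
        if gw in ipaddress.ip_network(cidr, strict=False):
            return "conflict"
    # With a /32 lease the "subnet" is the single WAN address, so any gateway
    # other than ourselves is non-local even though the lease is otherwise fine.
    if gw in wan_iface.network:
        return "local"
    return "non-local"


if __name__ == "__main__":
    # Constructed leases, not real ISP data.
    for wan, gw, lans in [
        ("203.0.113.77/24", "203.0.113.1", ["192.168.1.0/24"]),
        ("203.0.113.77/32", "203.0.113.1", ["192.168.1.0/24"]),
        ("203.0.113.77/32", "192.168.1.1", ["192.168.1.0/24"]),
    ]:
        print(f"WAN {wan:18} gateway {gw:14} -> {classify_dhcp_gateway(wan, gw, lans)}")
```

    A "non-local" verdict on a /32 lease is the situation described above: nothing is clashing, the provider simply expects you to accept a gateway outside your on-link prefix.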

  • IPSec Site to Site with peer behind CGNAT

    IPsec
    M

    For anyone who is interested (n00b here), I got it to work (branch to pfSense only):

    Phase 1 remote subnet on pfSense has to be 0.0.0.0 with the 'responder only' option checked.

    On the Huawei side, the following command had to be configured:

    ipsec authentication sha2 compatible enable

    The result is:

    (screenshot attached in the original post)

    The problem now is that pfSense does not direct traffic destined for the remote subnet (i.e. 10.2.20.0) through IPsec; it uses WAN0 for that. Any ideas?

    [Update] Working now, I was pinging from the wrong device.