Topics tagged under "cgnat" | Netgate Forum

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

P

Can't get WAN IP when setting up pfSense with Netgear M1 4G Router as Modemm,

General pfSense Questions
• cgnat sim wan • Sep 10, 2020, 1:17 AM • PzrrL Sep 11, 2020, 1:03 PM

4

0
Votes

4
Posts

1.2k
Views

S Sep 11, 2020, 1:03 PM

Ah, so more likely then it's not a conflict but that your ISP is handing you a technically invalid gateway that's outside the WAN subnet, which is only a single address. Fun.

There is an option to allow that for providers who decide to ignore the standards. In System > Routing > Gateways edit the dhcp gateway and set 'Use non-local gateway' in the advanced section.

Steve
M

IPSec Site to Site with peer behind CGNAT

IPsec
• ipsec site-to-site cgnat • Aug 9, 2019, 1:21 AM • mohsh86 Aug 13, 2019, 3:24 AM

3

0
Votes

3
Posts

3.7k
Views

M Aug 13, 2019, 3:24 AM

For anyone who is interested (n00b here), i got it to work (branch to pfsense only):

Phase 1 remote subnet on pfsense has to be 0.0.0.0 with responder only option checked.

on Huawei Side, the following command had to be configured:
ipsec authentication sha2 compatible enable
the result is:

22accdc1-de10-456f-beb1-06c813df2382-image.png

The problem now is that pfsense does not direct traffic with destination to remote subnet (i.e. 10.2.20.0) through IPSec, it uses WAN0 for that. any ideas?

[update] working now, was pinging from the wrong device.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.