NAT with dynamic interface address

  • Hello,

    I have to configure in my work place a site to site AnyConnect Cisco VPN.

    I'm using the OpenConnect binary to do it and I've managed to create all the rules to get it working, BUT as it gives the tun interface a new IP every time I create a new connection, my NAT rule stops working.

    The problem is that when I save the rule using the pfSense WebGUI it saves the IP address that was given to the interface at that moment, and it never gets updated unless I click the save button again.

    I can edit the OpenConnect script to add the necessary command to reload the rules, but first I have to update my VPN rule and I don't know how to do that.

    My question is how can I do that? Is there a way to create a dynamic NAT rule?

    Thank you.

  • Hi arielmoraes,

    I have the same problem. Did you find a solution for this?

    regards, jochen

  • Also got the same issue. Did anyone manage to figure out a way to do this in the script? I have to manually go into the GUI > Routing and click Apply Changes each time the VPN connection is dropped and restarted.

  • Has anyone found a solution yet? Same problem here.

  • @helgew:

    Has anyone found a solution yet? Same problem here.

    OK, answering my own question here… with a gateway named 'VPN_Gateway' the following works for me:

    # grab our new IP address, edit the config file, and reload the filters
    # ($ifconfig holds the path to ifconfig and $iface the tunnel interface name,
    #  both set by the calling script; xml is the xmlstarlet binary)
    ip=$("$ifconfig" "$iface" | grep 'inet ' | awk '{ print $2 }')
    xml ed -L -u '//gateway_item[name="VPN_Gateway"]/gateway' -v "$ip" /cf/conf/config.xml
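
The same update done with only the Python standard library, as an added example that is not code from this thread: it parses the tunnel address out of ifconfig output, rewrites the gateway element of the named gateway_item in config.xml, and keeps a rollback copy. It assumes the config.xml layout implied by the XPath in the post above (a gateway_item holding name and gateway children), a hypothetical tun0 interface, and constructed sample ifconfig output and config.xml; it refuses to touch the file when no IPv4 address can be read, and it leaves out the filter-reload step because the thread does not show that command.

```python
import ipaddress
import re
import shutil
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample of `ifconfig tun0` output in FreeBSD/pfSense style
# (not captured from a real host; tun0 is a hypothetical interface name).
SAMPLE_IFCONFIG = """\
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1406
\tinet 10.20.30.44 --> 10.20.30.1 netmask 0xffffffff
\tgroups: tun
"""

# Constructed minimal stand-in for the gateway section of /cf/conf/config.xml.
# The element names follow the XPath used in the thread (assumption, not a real export).
SAMPLE_CONFIG = """\
<pfsense>
  <gateways>
    <gateway_item>
      <interface>opt1</interface>
      <gateway>10.20.30.17</gateway>
      <name>VPN_Gateway</name>
    </gateway_item>
    <gateway_item>
      <interface>wan</interface>
      <gateway>192.0.2.1</gateway>
      <name>WAN_GW</name>
    </gateway_item>
  </gateways>
</pfsense>
"""


def extract_inet_addr(ifconfig_output):
    """Return the first valid IPv4 'inet' address in ifconfig output, or None.

    Only lines starting with 'inet ' are considered, so 'inet6' lines are skipped,
    and the token is validated so that garbage never ends up in config.xml.
    """
    m = re.search(r"^\s*inet\s+(\S+)", ifconfig_output, re.MULTILINE)
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(m.group(1)))
    except ValueError:
        return None


def set_gateway_in_xml(xml_text, gateway_name, new_ip):
    """Return (updated_xml_text, changed) for the gateway_item called gateway_name.

    Raises LookupError if no such gateway exists, so a typo in the name cannot
    silently leave the firewall pointing at a stale address.
    """
    root = ET.fromstring(xml_text)
    item = root.find(f".//gateway_item[name='{gateway_name}']")
    if item is None:
        raise LookupError(f"no gateway_item named {gateway_name!r}")
    gw = item.find("gateway")
    if gw is None:
        raise LookupError(f"gateway_item {gateway_name!r} has no <gateway> element")
    if gw.text == new_ip:
        return xml_text, False  # nothing to do; avoid needless rewrites of config.xml
    gw.text = new_ip
    return ET.tostring(root, encoding="unicode"), True


def update_config_file(config_path, gateway_name, ifconfig_output):
    """Update config.xml on disk from ifconfig output; return (ip, changed)."""
    ip = extract_inet_addr(ifconfig_output)
    if ip is None:
        raise ValueError("no IPv4 address on the tunnel interface; config.xml left untouched")
    path = Path(config_path)
    new_text, changed = set_gateway_in_xml(path.read_text(), gateway_name, ip)
    if changed:
        shutil.copy2(path, path.with_name(path.name + ".bak"))  # rollback copy
        path.write_text(new_text)
    return ip, changed


if __name__ == "__main__":
    # Stand-alone demo against a temporary copy of the constructed config.
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "config.xml"
        cfg.write_text(SAMPLE_CONFIG)
        ip, changed = update_config_file(cfg, "VPN_Gateway", SAMPLE_IFCONFIG)
        print(f"tunnel address {ip}, config changed: {changed}")
        # A real deployment would reload the filter rules here (command not shown in the thread).
```

On a real pfSense box the script would run `ifconfig` on the tunnel interface instead of using SAMPLE_IFCONFIG and point config_path at /cf/conf/config.xml; the .bak copy next to it is what you restore from if the new address turns out to be wrong.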
