On interfaces and NAT
streamholder last edited by
I'm having difficulties understanding NAT and interfaces in pfSense.
I don't understand why NAT for IPsec phase 2 tunnels works differently than every other NAT.
For example, I have packets coming into the LAN interface being routed into the IPsec interface. They are being translated by the BINAT functionality that you can enable from the IPsec configuration pages.
I don't get why I can't just achieve the same by putting the relevant rules in the 1:1 NAT configuration page. Is there an underlying technical reason or is it just like this by (poor, imho, but maybe I'm just not getting it) design?
Also, I get why IPsec interfaces are just grouped in a general "IPsec" tab in the firewall (as far as I understand, FreeBSD uses a single enc0 interface for all IPsec packets, even though there could still be multiple tabs for better organization and visualization in my opinion), but I really don't get why it is the same for OpenVPN.
Can anyone clarify this?