On interfaces and NAT



  • Hello,
    I'm having difficulties understanding NAT and interfaces in pfSense.
    I don't understand why NAT for IPsec phase 2 tunnels works differently than every other NAT.

    For example, I have packets coming into the LAN interface being routed into the IPsec interface. They are being translated by the BINAT functionality that you can enable from the IPsec configuration pages.
    I don't get why I can't just achieve the same by putting the relevant rules in the 1:1 NAT configuration page. Is there an underlying technical reason or is it just like this by (poor, imho, but maybe I'm just not getting it) design?

    Also, I get why IPsec interfaces are just grouped in a general "IPsec" tab in the firewall (as far as I understand, FreeBSD uses a single enc0 interfaces for all IPsec packets, even though there could still be multiple tabs for better organization and visualization in my opinion), but I really don't get why it is the same for OpenVPN.

    Can anyone clarify this?


Log in to reply