Netgate Discussion Forum

    On interfaces and NAT

    NAT
      streamholder

      Hello,
      I'm having difficulties understanding NAT and interfaces in pfSense.
      I don't understand why NAT for IPsec phase 2 tunnels works differently than every other NAT.

      For example, I have packets coming into the LAN interface being routed into the IPsec interface. They are being translated by the BINAT functionality that you can enable from the IPsec configuration pages.
      I don't get why I can't just achieve the same by putting the relevant rules in the 1:1 NAT configuration page. Is there an underlying technical reason or is it just like this by (poor, imho, but maybe I'm just not getting it) design?

      Also, I get why IPsec interfaces are just grouped in a general "IPsec" tab in the firewall (as far as I understand, FreeBSD uses a single enc0 interface for all IPsec packets, even though there could still be multiple tabs for better organization and visualization in my opinion), but I really don't get why it is the same for OpenVPN.

      Can anyone clarify this?

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.