Traffic through IPSec without NAT
  • Hello,

    I have a little problem using pfSense as a VPN software appliance on AWS. pfSense connects to an existing remote VPN hardware appliance.

    Defined IPSec configuration:

    Remote Network: 10.0.0.0/16
    Local Network:  192.168.2.0/24

    Next to pfSense, the VPC contains some more servers, e.g. 192.168.2.10, which should be accessible through the VPN.

    The VPN connection is established successfully. Phase 1 and 2 are working.

    When I try to access some services from an instance on the remote side, e.g. access HTTP through the VPN with "wget http://192.168.2.10", the access is only possible when I enable outbound NAT for source 10.0.0.0/16 on the WAN address. Otherwise, the incoming packets are not delivered or answered.

    Is it possible to access services without NAT? For some of the accessible services I need the original requester IP.

    Best regards

    Stefan



  • After a helpful discussion on IRC - thank you rawtaz - the problem could be solved.

    Generally, I have to add an additional static route for the remote network. When I create this route, I can deactivate NAT handling completely and it works as expected.
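    The following is an added illustration, not code from the thread or from pfSense: it models the return path of a reply from the LAN server 192.168.2.10 to a remote client in 10.0.0.0/16 with a longest-prefix-match lookup, once without and once with the static route from the solution. The VPC router address (192.168.2.1), the pfSense LAN address (192.168.2.5) and the sample client 10.0.3.7 are assumptions; outbound NAT only "worked" because it rewrote the source to the pfSense address, which the connected /24 route already covered, at the cost of hiding the original requester IP.

```python
import ipaddress

# Constructed values, not from the thread: the VPC subnet 192.168.2.0/24 and the
# remote network 10.0.0.0/16 are from the post; the router and pfSense addresses
# are assumptions.
VPC_ROUTER = "192.168.2.1"
PFSENSE_LAN = "192.168.2.5"


def next_hop(route_table, dst):
    """Longest-prefix match: return the gateway for dst, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in route_table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


def reply_path_symmetric(route_table, remote_src, vpn_gateway):
    """True if the LAN server's reply to remote_src is sent to the IPsec endpoint.

    If it is not, the reply never reaches the tunnel and the request appears
    'not delivered or answered' from the remote side, exactly as in the post.
    """
    return next_hop(route_table, remote_src) == vpn_gateway


# Before the fix: only the connected subnet and a default route, so replies to
# 10.0.0.0/16 go to the VPC router, which has no path back over the tunnel.
ROUTES_BEFORE = [("192.168.2.0/24", "local"), ("0.0.0.0/0", VPC_ROUTER)]

# After the fix: the static route from the solution sends the remote network
# to pfSense, so no NAT is needed and the server sees the real client address.
ROUTES_AFTER = ROUTES_BEFORE + [("10.0.0.0/16", PFSENSE_LAN)]

if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        gw = next_hop(table, "10.0.3.7")
        ok = reply_path_symmetric(table, "10.0.3.7", PFSENSE_LAN)
        print(f"{label}: reply to 10.0.3.7 -> {gw}, symmetric={ok}")
```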