    Netgate Discussion Forum
    1 to 1 NAT through IPsec

    IPsec
    alex1756:

      Hi! I'm trying to make my servers on an internal network exit the firewall through an IPsec tunnel with a public IP.

      I work at an ISP and have routed a /27 public network through an IPsec tunnel into my pfSense firewall at home. I've previously used FortiGate with policy routing and virtual IPs, but it doesn't seem to work the same way with pfSense.

      On my P2 I've specified the /27 network as local subnet, and 0.0.0.0/0 as remote subnet.

      In NAT 1:1:
      Interface: IPsec
      External IP: xxx.xxx.93.13
      Internal IP: 172.16.0.65
      Destination IP: *

      I had to port forward ICMP with destination xxx.xxx.93.13 to 172.16.0.65 to make my pings (from AWS) show up in tcpdump.
      With NAT reflection enabled, I can access the server with its public IP locally.

      Outbound NAT is set to manual, with a mapping that says:
      Interface: IPsec
      Source: 172.16.0.65
      Source port: *
      Destination: *
      Destination port: *
      NAT address: xxx.xxx.93.13
      NAT port: *

      Am I missing something? I've tried everything I could think of, and I'm getting pretty frustrated.

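The check a practitioner would want to run against the configuration in the post is whether a packet's addresses, after the 1:1 NAT on the IPsec interface has been applied, still fall inside the Phase 2 selector, because with policy-based IPsec that selector is what decides whether the tunnel carries the packet at all. The following is an added example, not code from the post or from pfSense; it models that packet path in Python. It assumes that NAT on the IPsec interface is applied before the SPD lookup on the way out and after decryption on the way in, and it uses placeholder addresses: 198.51.100.0/27 stands in for the routed /27, 198.51.100.13 for xxx.xxx.93.13, and 203.0.113.7 for the AWS host that sends the pings.

```python
# Added example, not part of the forum post or of pfSense itself.
# Models the path of a packet through: 1:1 NAT on the IPsec interface,
# then the policy-based Phase 2 selector (local subnet <-> remote subnet).
# Assumption: outbound NAT runs before the SPD lookup; inbound NAT runs after
# decryption and selector matching. Addresses below are placeholders.
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network


@dataclass(frozen=True)
class Phase2:
    """Policy-based IPsec Phase 2 selector: local subnet <-> remote subnet."""
    local: IPv4Network
    remote: IPv4Network

    def matches(self, local_addr: IPv4Address, remote_addr: IPv4Address) -> bool:
        """True if the pair of addresses is covered by this selector."""
        return local_addr in self.local and remote_addr in self.remote


@dataclass(frozen=True)
class OneToOneNat:
    """One pfSense 1:1 NAT entry on the IPsec interface: external <-> internal."""
    external: IPv4Address
    internal: IPv4Address


def nat_out(src: IPv4Address, mappings) -> IPv4Address:
    """Outbound direction: rewrite an internal source to its external address."""
    for m in mappings:
        if src == m.internal:
            return m.external
    return src


def nat_in(dst: IPv4Address, mappings) -> IPv4Address:
    """Inbound direction: rewrite an external destination back to the internal host."""
    for m in mappings:
        if dst == m.external:
            return m.internal
    return dst


def trace(p2: Phase2, mappings, host: IPv4Address, peer: IPv4Address) -> dict:
    """Trace one round trip host -> peer -> host and report what happens at each step."""
    translated = nat_out(host, mappings)
    # Outbound: the selector sees the post-NAT source (assumption stated above).
    outbound_ok = p2.matches(translated, peer)
    # Reply comes back inside the tunnel addressed to the external IP; the
    # selector is checked on the pre-NAT addresses, then 1:1 NAT de-translates.
    reply_ok = outbound_ok and p2.matches(translated, peer)
    delivered = nat_in(translated, mappings) if reply_ok else None
    return {
        "translated_src": str(translated),
        "outbound_in_tunnel": outbound_ok,
        "reply_in_tunnel": reply_ok,
        "delivered_to": str(delivered) if delivered else None,
    }


def inbound_unsolicited(p2: Phase2, mappings, peer: IPv4Address, ext_dst: IPv4Address):
    """A packet the peer originates (e.g. the ping from AWS in the post):
    it must match the selector on arrival, then 1:1 NAT picks the internal host.
    Returns the internal destination, or None if the tunnel would not carry it."""
    if not p2.matches(ext_dst, peer):
        return None
    return nat_in(ext_dst, mappings)


def external_inside_local_subnet(p2: Phase2, mappings) -> list:
    """Config lint: every 1:1 external IP must lie inside the Phase 2 local subnet,
    otherwise outbound traffic from that host never matches the tunnel policy."""
    return [str(m.external) for m in mappings if m.external not in p2.local]


# Placeholder version of the configuration described in the post.
POST_P2 = Phase2(IPv4Network("198.51.100.0/27"), IPv4Network("0.0.0.0/0"))
POST_NAT = [OneToOneNat(IPv4Address("198.51.100.13"), IPv4Address("172.16.0.65"))]
# Constructed misconfiguration: external IP outside the routed /27 (.0 to .31).
BAD_NAT = [OneToOneNat(IPv4Address("198.51.100.45"), IPv4Address("172.16.0.65"))]

if __name__ == "__main__":
    aws = IPv4Address("203.0.113.7")
    print(trace(POST_P2, POST_NAT, IPv4Address("172.16.0.65"), aws))
    print(trace(POST_P2, BAD_NAT, IPv4Address("172.16.0.65"), aws))
    print(inbound_unsolicited(POST_P2, POST_NAT, aws, IPv4Address("198.51.100.13")))
    print(external_inside_local_subnet(POST_P2, BAD_NAT))
```

The useful output is the second trace: when the 1:1 external address is not inside the Phase 2 local subnet, the translated packet never matches the selector and the tunnel does not carry it, so nothing shows up on the far side regardless of how the outbound NAT rule is written. The lint function makes that check explicit for every mapping; on a real pfSense box the equivalent is comparing the 1:1 NAT external addresses against the Phase 2 local subnet and watching the IPsec interface with tcpdump, as the post does.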