1 to 1 NAT through IPsec
Hi! I'm trying to make my servers on an internal network exit the firewall through an IPsec tunnel with a public IP.
I work at an ISP and have routed a /27 public network through an IPsec into my pfSense firewall at home. I've previously used FortiGate with policy-routing and virtual ips, but it doesn't seem to work the same way with pfSense.
On my P2 I've specified the /27 network as local subnet, and 0.0.0.0/0 as remote subnet.
In NAT 1:1:
External IP: xxx.xxx.93.13
Internal IP: 172.16.0.65
Destination IP: *
I had to port forward ICMP with destination xxx.xxx.93.13 to 172.16.0.65 to make my pings (from AWS) show up in tcpdump.
With NAT-reflection enabled, I can access the server with its public IP locally.
Outbound NAT is set to manual, with a mapping that says:
Source port: *
Destination port: *
NAT address: xxx.xxx.93.13
NAT port: *
Am I missing something? I've tried everything I could think of, and getting pretty frustrated.