Port forwarding to the VPN IPsec tunnel



  • Hi,
    We have a problem with port forwarding to the IPsec VPN tunnel.
    My configuration:

    pfsense1:
    IPsec with 192.168.50.0/24

    pfsense2:
    IPsec with 172.16.33.0/24

    On pfsense2 I added a NAT rule on the WAN interface redirecting destination port 3342 to IP 192.168.50.128, but it doesn't work.
    I think the problem is in the P2 selectors in IPsec.
    Is it possible to NAT this redirect into the IPsec tunnel?
    Thanks for the help.


  • LAYER 8 Netgate

    No. IPsec won't do that if you are port forwarding from arbitrary addresses. You don't get reply-to at the 192.168.50.128 side so replies will go out WAN instead of back across the IPsec tunnel.

    You can do that over an OpenVPN tunnel though.
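
The selector behaviour discussed above, as an added example that is not part of the original thread and is not pfSense code: a simplified model of policy-based IPsec in which a packet enters the tunnel only when its source and destination match the Phase 2 selector pair. The client addresses `172.16.33.20` and `203.0.113.10` are constructed, and the default route on both firewalls is assumed to point at WAN.

```python
from ipaddress import ip_address, ip_network

# Phase 2 selectors from the thread, as (local, remote) seen from each firewall.
SELECTORS = {
    "pfsense1": (ip_network("192.168.50.0/24"), ip_network("172.16.33.0/24")),
    "pfsense2": (ip_network("172.16.33.0/24"), ip_network("192.168.50.0/24")),
}


def egress(firewall, src, dst):
    """Return 'ipsec' if (src, dst) matches the firewall's P2 selector, else 'wan'."""
    local, remote = SELECTORS[firewall]
    if ip_address(src) in local and ip_address(dst) in remote:
        return "ipsec"
    # No policy match: the packet follows the routing table.
    # Assumption: the default route on both firewalls is WAN.
    return "wan"


def round_trip(client, server="192.168.50.128"):
    """Path of the forwarded request (leaving pfsense2) and of the reply (leaving pfsense1)."""
    return {
        "request": egress("pfsense2", client, server),
        "reply": egress("pfsense1", server, client),
    }


if __name__ == "__main__":
    # Constructed sample clients: one inside the remote LAN, one arbitrary internet host.
    for label, client in (("LAN host", "172.16.33.20"),
                          ("internet client", "203.0.113.10")):
        print(f"{label:16} {client:14} {round_trip(client)}")
```

A host inside 172.16.33.0/24 matches the selectors in both directions, while a port-forwarded connection keeps its public source address and matches neither, so the reply from 192.168.50.128 leaves via WAN.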



  • Thanks for the reply :)
    Can it really not be done on pfsense? We have a Fortigate in another location and this works fine with NAT.
    Maybe outbound NAT helps?
    WAN->Outbound NAT->IPsec
    I will also check the OpenVPN solution
    Thanks.



  • OK - it works fine over an OpenVPN tunnel - Thanks