Port forwarding to the VPN IPsec tunnel

  • Hi,
    We have problem in port forwarding to the tunnel VPN IPsec.
    My configuration:

    IPsec with

    IPsec with

    In pfsense2 I add NAT rule on WAN interface with redirect destination port 3342 to ip, but it doesn't work.
    I think problem is in selectors in P2 in IPsec.
    It's possible NAT this redirect to IPsec tunnel?
    Thanks fo help.

  • LAYER 8 Netgate

    No. IPsec won't do that if you are port forwarding from arbitrary addresses. You don't get reply-to at the side so replies will go out WAN instead of back across the IPsec tunnel.

    You can do that over an OpenVPN tunnel though.

  • Thanks for reply :)
    It really can't be done on pfsense? We have Fortigate in other location and this works fine with NAT.
    Maybe outbound NAT helps?
    WAN->Outbound NAT->IPsec
    I will also check the OpenVPN solution

  • OK - over an OpenVPN tunnel works fine - Thanks

  • @lukaszc
    Hi Lukaszc!
    How can you solve the problem over an OpenVPN?