source IP for file share access over IPSEC tunnel for site to site VPN

  • Hi All,

    we do have site to site IP sec VPN tunnel using pfsense appliance on Amazon aws with remote site.

    Instance has got multiple interfaces.

    Primary WAN is using private ip on amazon, Internal interface

    Remote client needs to access file share which is on one of internal subnets. File share is using

    We are accessing file share over IP address, but when traffic comes back to the client source ip is and firewall does not allow that. Is there a way to change source IP on the way back to use the same source IP when it goes back to IP sec tunnel?

    Many thanks,

  • what I am trying to archive is something similar to windows command:

    netsh interface portproxy add v4tov4 listenport=139 listenaddress= connectport=139 connectaddress=

    netsh interface portproxy add v4tov4 listenport=445 listenaddress= connectport=445 connectaddress=

    At this case traffic is coming back with correct source IP.

  • As I've written half an hour ago in another reply:

    pf in FreeBSD has a bug that doesn't allow NAT after IPsec. So whatever you do, you have to do it on the INCOMING interface at the other end. You cannot do it on the outgoing interface of the other end or the incoming one on your end.

    I don't know if this has been fixed yet, but by the looks of all the questions in here it seems like it's still there.

  • Thanks for you update.

    I have implemented it by using proxy Linux instance which is doing port forwarding.

Log in to reply