Netgate Discussion Forum

Routed IPSec reply-to

  • K
    kevindd992002
    last edited by May 2, 2020, 4:46 PM

    I know that in the documents it says the reply-to for IPSec does not currently work. Is there any known workaround to this? Or is it in the works to make it happen? I don't want to create custom outbound NAT rules for when someone tries to access a server inside the network in the far end.

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by May 6, 2020, 5:25 PM

      It's a limitation in FreeBSD and there isn't any way to know if/when it'll be fixed there. We may direct some resources toward it eventually but no ETA on when we might be able to do something like that.

      In some cases you may be able to work around it. If most of your needs are for web-based services then HAProxy may be able to help. Client on far side hits HAProxy which proxies to internal host... Since the remote client is talking to HAProxy, and HAProxy is talking to the server, no need for reply-to.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!
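
The HAProxy workaround described in the post above, sketched as a raw haproxy.cfg. This is an added example, not configuration from the post or from Netgate; on pfSense the HAProxy package builds its configuration from the GUI. All addresses, names, ports and the certificate path are constructed placeholders.

```haproxy
# Constructed example: every address, name, port and path is a placeholder.
global
    maxconn 1000

defaults
    mode http                 # the post suggests this for web-based services
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# The client connects to the proxy. HAProxy terminates that connection
# itself, so nothing is forwarded to the internal host at the packet level
# and no state needs reply-to to find its way back to the client.
frontend web_in
    bind 198.51.100.10:443 ssl crt /usr/local/etc/haproxy/example.pem
    default_backend tunnel_web

# HAProxy opens a second, separate connection to the server across the
# routed IPsec tunnel. "source" pins that connection to the firewall's own
# tunnel-side address (assumed here to be 10.6.106.1), an address the other
# end already routes back through the tunnel. The server replies to the
# proxy by ordinary routing instead of sending the reply out its default
# gateway.
backend tunnel_web
    option forwardfor         # pass the original client IP in X-Forwarded-For
    server app1 10.20.0.50:8080 check source 10.6.106.1
```

Because the server only ever sees the proxy's address, access control and logging on the server have to rely on the X-Forwarded-For header, and the server should accept that header only from the proxy.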

      • K
        kevindd992002 @jimp
        last edited by May 6, 2020, 7:18 PM

        @jimp said in Routed IPSec reply-to:

        It's a limitation in FreeBSD and there isn't any way to know if/when it'll be fixed there. We may direct some resources toward it eventually but no ETA on when we might be able to do something like that.

        In some cases you may be able to work around it. If most of your needs are for web-based services then HAProxy may be able to help. Client on far side hits HAProxy which proxies to internal host... Since the remote client is talking to HAProxy, and HAProxy is talking to the server, no need for reply-to.

        I see. Well, my use case is pretty insecure anyway. I have some applications in the far end of the tunnel where they can be accessed by using the local end of the tunnel's static IP. So all port forwards are done in the local end. Without reply-to, I have to create outbound NAT rules. But yeah, I shouldn't be exposing these on the Internet anyway and just use VPN remote access when I need to access their UIs.

        • K
          kevindd992002 @jimp
          last edited by Dec 28, 2020, 6:31 AM

          @jimp said in Routed IPSec reply-to:

          It's a limitation in FreeBSD and there isn't any way to know if/when it'll be fixed there. We may direct some resources toward it eventually but no ETA on when we might be able to do something like that.

          In some cases you may be able to work around it. If most of your needs are for web-based services then HAProxy may be able to help. Client on far side hits HAProxy which proxies to internal host... Since the remote client is talking to HAProxy, and HAProxy is talking to the server, no need for reply-to.

          For non-web-based services like Plex and Deluge where I need to port forward on the local end to access these servers on the far end, can HAProxy work? I tried outbound NAT with IPsec on the local end and it is not working. It works for OpenVPN just fine.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.