NAT / Port forward to IPsec tunnel
I am running into some issues I am unable to solve so far.
I have a pfSense 2.4.5 running on an AWS EC2 instance which has multiple IPsec tunnels established with external firewalls of all kinds. Traffic is flowing and it's working nicely.
For each tunnel I created a separate VLAN with it's own IP, created a gateway and a static route for traffic that is intended within the IPsec network to be routed via that gateway.
Additionally I also created Port Forwarding so that traffic going to the pfsense private IP is forwarded to each tunnel.
i.e pfsense IP: 22.214.171.124 port 6000 -> 10.10.10.10 port 1433
Problem here, when connected to the pfsense box via OpenVPN this is working nicely, however when trying it from within the AWS network that is sitting behind the pfsense, I have no success.
So I installed HAProxy and did basically the same, and this is working. So I don't think it's an issue within AWS or even firewall rules, but maybe either a limitation of pfsense or a misconfiguration on the Port Forwarding / NAT.