How to nat OPT interface to WAN and get it through tunnel?
Hi,
I have a little problem with understanding. I am reading docs and trying since last week but I kind of fail at that...
I have a server with a private IP on the OPT interface (DMZ) which needs to connect to another server across IPsec.
The other server and the peer have public IP addresses, so does my pfSense. I have no control over the peer or server on the other side.
Phase 1 opens beautifully, then it gets lost somehow. Firewall rules seem OK; they show traffic passing from the private server address via OPT to the remote public address...
Phase 2 is configured: my WAN interface IP (public) to their server public IP, so I have to NAT the traffic from my private server to my WAN interface, and from there it has to go into the tunnel to reach the other server across the tunnel.
They already have all private IP ranges used (huge international airport), so I HAVE to NAT; they cannot provide a private net.
Mode: Tunnel IPv4
Local Network: Address 192.168.33.61
NAT/BINAT Translation: Type Address, My Public IP
Remote Network: Their Public IP of the Server

Debug log says:
Nov 10 09:44:56 charon 08[CFG] leftsubnet=( my WAN interface )
Nov 10 09:44:56 charon 08[CFG] leftsubnet=( my WAN interface )
Nov 10 09:44:56 charon 08[CFG] rightsubnet=their server IP
Nov 10 09:44:56 charon 08[CFG] rightsubnet=their server IP

and
Nov 10 09:44:56 charon 08[CHD] CHILD_SA con1000{1314} state change: CREATED => ROUTED
Nov 10 09:44:56 charon 08[CHD] CHILD_SA con1000{1314} state change: CREATED => ROUTED

What startles me a bit though is that they all appear twice...
Now... there is no traffic going through. When I traceroute on the server it shows the OPT interface on the pfSense and then just *s.
Firewall is opened for traceroute UDP ports on the OPT interface and IPsec; on WAN it shows no block. I am lost.
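A small check of what the Phase 2 NAT/BINAT setting in the post is meant to achieve, as an added Python example (not code from the post or from pfSense): charon installed a leftsubnet selector equal to the WAN address, so a packet still carrying the DMZ source 192.168.33.61 never fits the policy and only the BINAT-translated packet does. The WAN and remote addresses are constructed documentation-range stand-ins for the values the post redacts.

```python
import ipaddress
import re

# Constructed stand-ins (documentation ranges) for the values the post redacts.
WAN_IP = "203.0.113.10"          # "my WAN interface" (left side of Phase 2)
REMOTE_SERVER = "198.51.100.20"  # "their server IP"  (right side of Phase 2)
DMZ_HOST = "192.168.33.61"       # the OPT/DMZ server named in the post

# Constructed charon CFG lines in the shape of the post's debug log; each
# selector is repeated, mirroring the "they all appear twice" observation.
CHARON_LOG = f"""\
Nov 10 09:44:56 charon 08[CFG] leftsubnet={WAN_IP}
Nov 10 09:44:56 charon 08[CFG] leftsubnet={WAN_IP}
Nov 10 09:44:56 charon 08[CFG] rightsubnet={REMOTE_SERVER}
Nov 10 09:44:56 charon 08[CFG] rightsubnet={REMOTE_SERVER}
"""

SELECTOR_RE = re.compile(r"\[CFG\] (leftsubnet|rightsubnet)=(\S+)")


def parse_selectors(log):
    """Collect the unique left/right traffic selectors charon logged.

    Repeated lines collapse into one entry, so the duplicated log output on
    its own is harmless."""
    found = {"leftsubnet": set(), "rightsubnet": set()}
    for m in SELECTOR_RE.finditer(log):
        found[m.group(1)].add(ipaddress.ip_network(m.group(2), strict=False))
    return found


def binat(src, local, translated):
    """1:1 (BINAT) translation of the DMZ host to the WAN address, applied
    before the IPsec policy lookup as pfSense's Phase 2 NAT/BINAT does."""
    return translated if src == local else src


def matches_policy(selectors, src, dst):
    """True when src/dst fit a left/right selector pair (the SPD check)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (any(s in left for left in selectors["leftsubnet"])
            and any(d in right for right in selectors["rightsubnet"]))


def would_enter_tunnel(log, src, dst, nat_enabled):
    """Simulate the outbound path: optional BINAT, then the policy match."""
    selectors = parse_selectors(log)
    outer_src = binat(src, DMZ_HOST, WAN_IP) if nat_enabled else src
    return matches_policy(selectors, outer_src, dst)
```

With `nat_enabled=False` the DMZ packet is dropped on the floor by the policy (no selector covers 192.168.33.61), which is the symptom the traceroute shows; with BINAT the translated packet matches and is tunnelled.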