Unable to negotiate IPSEC tunnel from local network

  • I am not sure if this is the right place for this post. It was between the IPSEC and NAT forums.

    First, some background.
    I have a connection to a remote network set up using an IPSEC VPN. The remote gateway is xxx.xxx.xxx.15, and the remote network is xxx.xxx.xxx.23. My local VPN gateway is the pfSense WAN gateway with an IP address of yyy.yyy.yyy.72, and the local network that I am making available via IPSEC is a CARP address on the WAN interface, yyy.yyy.yyy.77. NAT redirection is turned on so that yyy.yyy.yyy.77 is accessible from within the firewall. yyy.yyy.yyy.77 uses PAT/NAT to redirect VPN clients to their true destination inside my network.

    Almost all of the above is working as it should. The problem that I am running into is that I can only bring the tunnel up from the remote side. I presume this has something to do with how I am terminating the remote network to a CARP address and port forwarding it, but I do not know how to resolve my issue. Can anyone help me so that I can bring the tunnel up from my local network?

  • I got tired of waiting for forum posts, so I checked out IRC. According to cmb, "you can't NAT traffic destined to IPSEC in FreeBSD."
    The only way to accomplish what I want is to set up an additional pfSense box, or move to a Linux distribution like IPCop.