Netgate Discussion Forum

    Unable to negotiate IPSEC tunnel from local network

    • pakroby

      I am not sure if this is the right place for this post.  It was between the IPSEC and NAT forums.

      First some background,
      I have a connection to a remote network set up using an IPSEC VPN.  The remote gateway is xxx.xxx.xxx.15, and the remote network is xxx.xxx.xxx.23.  My local VPN gateway is the pfSense WAN gateway with an IP address of yyy.yyy.yyy.72, and my local network that I am making available via IPSEC is a CARP address on the WAN interface of yyy.yyy.yyy.77.  NAT redirection is turned on so that yyy.yyy.yyy.77 is accessible from within the firewall.  yyy.yyy.yyy.77 uses PAT/NAT to redirect VPN clients to their true destination inside my network.

      Almost all of the above is working as it should.  The problem that I am running into is that I can only bring the tunnel up from the remote side.  I presume this has something to do with how I am terminating the remote network to a CARP address and port forwarding it, but I do not know how to resolve my issue.  Can anyone help me so that I can bring the tunnel up from my local network?

      • pakroby

        I got tired of waiting for forum posts, so I checked out IRC.  According to cmb, "you can't NAT traffic destined to IPSEC in FreeBSD."
        The only way to accomplish what I want is to set up an additional pfSense box, or move to a Linux distribution like IPCop.
