Netgate Discussion Forum

    pfSense IPsec route and source NAT

    • alaamrim

      Hello everyone,
      I got this client request to create a VPN tunnel with another 3rd-party site. Their requirement is to have all the traffic from my local network (172.16.9.0/24) masked (source NAT) via 192.168.103.103/32 to their dest network (10.20.0.0/16).
      I have the IPsec tunnel configured, up and running, both P1 and P2. However, I don't see any local routes to 10.20.0.0. Moreover, I had to specify the local network as 192.168.103.103/32 in order to bring P2 up, which I don't even have as a subnet on my network; it's just the source NAT they provided, and it seems they only permit this /32 IP to access.
      Can someone please shed some light on what I am doing wrong here or what I am missing? I tried outbound routes and couldn't see any difference.

      • viragomann @alaamrim

        @alaamrim
        You need to configure your phase 2 this way:

        local network: 172.16.9.0/24
        BINAT: address > 192.168.103.103
        remote network: 10.20.0.0/16

        This VPN enables you to access the remote site, but the remote is not able to access your site, since you only have a single address.

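A simplified model of the two phase 2 configurations discussed above, as an added example that is not part of the original thread and is not pfSense code. It shows what each configuration presents to the peer and which LAN packets it actually matches. The class and function names are hypothetical, the host addresses 172.16.9.25 and 10.20.1.5 are constructed, and the many-to-one fallback is a modelling assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Phase2:
    local: str                 # "local network" field: the real LAN
    remote: str                # "remote network" field
    nat: Optional[str] = None  # "BINAT" address field; None means no translation


def selector(p2):
    """Selector pair offered to the peer; the NAT address stands in for the real LAN."""
    return (str(ipaddress.ip_network(p2.nat or p2.local)),
            str(ipaddress.ip_network(p2.remote)))


def outbound_source(p2, src, dst):
    """Source address the peer sees for src -> dst, or None if this phase 2 does not match."""
    local = ipaddress.ip_network(p2.local)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in local or d not in ipaddress.ip_network(p2.remote):
        return None
    if p2.nat is None:
        return str(s)
    nat = ipaddress.ip_network(p2.nat)
    if nat.prefixlen == local.prefixlen:
        # Same-size networks: 1:1 mapping that keeps the host offset.
        return str(nat.network_address + (int(s) - int(local.network_address)))
    # Model assumption: any other size is treated as many-to-one onto one address.
    return str(nat.network_address)


def remote_can_initiate(p2):
    """True only when every translated address maps back to exactly one local host."""
    if p2.nat is None:
        return True
    return (ipaddress.ip_network(p2.nat).prefixlen
            == ipaddress.ip_network(p2.local).prefixlen)


# The two configurations from the thread.
ASKER = Phase2(local="192.168.103.103/32", remote="10.20.0.0/16")
ANSWER = Phase2(local="172.16.9.0/24", remote="10.20.0.0/16", nat="192.168.103.103")

if __name__ == "__main__":
    for name, p2 in (("asker", ASKER), ("answer", ANSWER)):
        print(name, selector(p2), outbound_source(p2, "172.16.9.25", "10.20.1.5"))
```

In this model both configurations offer the peer the same selector pair, so P2 can come up either way, but only the second one matches packets sourced from 172.16.9.0/24 and translates them to the permitted /32.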
        • alaamrim @viragomann

          @viragomann Thank you so much. It's 100% correct; I figured it out, and that's exactly what I have done now. And yes, it's only access from one side. Thanks again, appreciate your time.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.