1.2.3 RC3 and NAT-Traversal

  • Hello,

    I've searched for an answer to this but need help.

    Can someone confirm if pfSense 1.2.3 RC3 supports NAT-Traversal?

    I read somewhere that 1.2.3 would, but I am getting a NAT-Traversal error when I try to make an IPsec tunnel using VPN Tracker to pfSense.



  • Rebel Alliance Developer Netgate

    NAT-T was planned for 1.2.3 but had to be removed.

    It caused a lot of regressions and made IPsec unstable for many, many users. It broke tunnel renegotiation, DPD, and other features.

    NAT-T will be tried again for 2.0, but it was taken out before 1.2.3-RC3 was released.

  • Ok, thank you for clearing that up. Glad it wasn't me doing something wrong!

    I will try PPTP.


  • Is it completely removed and physically not there, or is there a hidden setting I can enable in a conf file to get NAT traversal to work?

    My IPSec Client-Site is down after upgrading from 1.2.3-RC1 to 1.2.3-RC3.

    I'm thinking of downgrading if there's no option to do this.

  • Rebel Alliance Developer Netgate

    It required kernel support and a special build of ipsec-tools, so it has been completely removed, not just hidden.

  • Thanks for clearing that up. I've downgraded from 1.2.3-RC3 to 1.2.3-RC1 and remote access VPN is working again. With 1.2.3-RC3 I would see phase 1 then phase 2 but not ESP packets, just lots of phase 2. 1.2.3-RC1 works well enough for me.

    Hopefully some work gets done on 2.0 in the future. I tried a snapshot on the weekend; I now understand the meaning of "alpha-alpha".
