• Hi All!

    I am trying to port an existing ASTARO configuration to pfSense. That's the desired setup: (NAT to <-> (that's a faked IP)

    In ASTARO there is a SNAT rule to do the NAT from to, the tunnel is defined by <->

    With pfSense the tunnel comes up with defining the phase2 connection by <->, WITHOUT NAT/BINAT.

    As soon as I define the phase2 setup like (NAT to <-> the tunnel fails and I have the following problems:

    • pfSense complains that the networks and do not fit
    • even if I change the setup to be (NAT to <-> the tunnel will not come up
    • defining the setup like (NAT to <-> makes the tunnel not come up

    I assume that ASTARO does the NATting before evaluating the IPsec tunnel and pfSense does not. Is there a way to NAT the traffic to before it hits the IPsec tunnel?

    What options do I have?

    Best Regards,

  • Normally you should provide the log of what is going wrong.

    From the IPsec side of things this does not matter at all.
    As soon as you define the NATting in pfSense, the other side will not see the private IPs at all.

    So it does not matter how you express the NAT policies here, since the other side will never look at that.
    It's just that some parameters do not match there, and that is what the log will show, hence the need for it.
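The reply's point is that with NAT/BINAT on a phase 2, the peer only ever sees the translated network, so its traffic selectors must be written against that network, and the two sides' selectors must mirror each other exactly. The following small checker is an added example (not code from the thread, from pfSense, or from ASTARO) that makes both rules explicit: it derives the traffic selectors each side must configure from the local, BINAT and remote networks, and it reproduces the "networks do not fit" class of error as a prefix-length check (the same-size rule for the BINAT network is stated here as an assumption about pfSense's validation, not taken from the post). All network addresses are constructed sample values.

```python
import ipaddress

# Assumption (mirrors pfSense's BINAT rule as understood here): the NAT/BINAT
# network must have the same prefix length as the real local network, because
# BINAT is a 1:1 mapping of every host address.


def phase2_selectors(local_net, remote_net, binat_net=None):
    """Return (local_ts, remote_ts): the traffic selectors this side will
    negotiate for the phase 2. With a BINAT network, the local selector is
    the translated network, not the real LAN, because that is all the peer
    ever sees."""
    local = ipaddress.ip_network(local_net, strict=False)
    remote = ipaddress.ip_network(remote_net, strict=False)
    if binat_net is None:
        return str(local), str(remote)
    binat = ipaddress.ip_network(binat_net, strict=False)
    if binat.prefixlen != local.prefixlen:
        # This is the condition behind a "networks do not fit" style error.
        raise ValueError(
            f"BINAT network {binat} must be the same size as local {local}")
    if binat.overlaps(remote):
        raise ValueError(f"BINAT network {binat} overlaps remote {remote}")
    return str(binat), str(remote)


def peer_selectors_match(our_side, peer_side):
    """True when the peer's (local, remote) selectors are the mirror image
    of ours, i.e. peer.local == our.remote and peer.remote == our.local.
    Anything else is a selector mismatch that phase 2 will reject."""
    our_local, our_remote = (ipaddress.ip_network(n) for n in our_side)
    peer_local, peer_remote = (ipaddress.ip_network(n) for n in peer_side)
    return our_local == peer_remote and our_remote == peer_local


def binat_translate(local_net, binat_net, host):
    """Compute the 1:1 translated address a host gets under BINAT, so you
    can verify which address the peer must allow/route for a given LAN host."""
    local = ipaddress.ip_network(local_net, strict=False)
    binat = ipaddress.ip_network(binat_net, strict=False)
    addr = ipaddress.ip_address(host)
    if addr not in local:
        raise ValueError(f"{addr} is not inside {local}")
    offset = int(addr) - int(local.network_address)
    return str(ipaddress.ip_address(int(binat.network_address) + offset))


if __name__ == "__main__":
    # Constructed sample: real LAN 192.168.1.0/24 presented to the peer as
    # 172.16.5.0/24; the peer's LAN is 10.20.0.0/24.
    ours = phase2_selectors("192.168.1.0/24", "10.20.0.0/24", "172.16.5.0/24")
    print("our selectors:", ours)
    # The peer must configure the translated network, never 192.168.1.0/24.
    print("peer configured against translated net:",
          peer_selectors_match(ours, ("10.20.0.0/24", "172.16.5.0/24")))
    print("peer configured against real LAN (mismatch):",
          peer_selectors_match(ours, ("10.20.0.0/24", "192.168.1.0/24")))
    print("192.168.1.37 appears to the peer as",
          binat_translate("192.168.1.0/24", "172.16.5.0/24", "192.168.1.37"))
```

Run it as a script to see both the matching and the mismatching peer configuration; the mismatch case is exactly what a phase 2 log would report, which is why the reply asks for the log before anything else.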
