NAT and IPsec Issue

  • Hi all!

    I'm running a pfSense 2.1-RC1 (i386) built on Sun Aug 25 23:40:01 EDT 2013 Snapshot.

    I'm working on a site-to-site VPN with IPsec and am having some trouble making the connection on phase 2.
    My customer is asking me to masquerade all the traffic from my network to a single IP address. -> -> VPN -> x.x.x.x

    The remote IP has a rule which only accepts traffic from the IP

    I was trying to do NAT before IPsec in the phase 2 configuration,
    like this:
    Local network:

    Local address:

    remote address: x.x.x.x32

    When I check the IPsec status on the SPD scheme, it shows this:

    Source              Destination  >  <

    And I'm getting this error in the log, and I cannot connect that phase 2.

    "Aug 29 02:06:55 racoon: [Site-Site]: [RemotePublicAddress] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
    Aug 29 02:06:55 racoon: [Site-Site]: [RemotePublicAddress] ERROR: error message: '>`N'."

    For the record, I was trying different configurations on the IPsec service and I got this message at some point:

    08-28-13 23:23:08 [ There were error(s) loading the rules: /tmp/rules.debug:66: binat source mask and redirect mask must be the same - The line in question reads [66]: binat on enc0 from to x.x.x.x/32 ->]

    and lost all connectivity to the outside.

    Sorry for my poor English. If anyone could help me with this, that would be great! Thanks!
