NAT and IPsec Issue



    Hi all!

    I'm running a pfSense 2.1-RC1 (i386) built on Sun Aug 25 23:40:01 EDT 2013 snapshot.

    I'm working on a site-to-site VPN with IPsec and have some trouble making the connection on phase 2.
    My customer is asking me to masquerade all the traffic from my network to a single IP address.

    10.10.13.0/24 -> 10.10.13.100 -> VPN -> x.x.x.x

    The remote IP has a rule which only accepts traffic from the IP 10.10.13.100.

    I was trying to make a NAT before IPsec on the phase 2 configuration, like this:

    Local network: 10.10.13.0/24

    Local address: 10.10.13.100/32

    Remote address: x.x.x.x/32

    When I check the IPsec status on the SPD page, it shows this:

    Source           Destination
    200.10.8.144     10.10.13.100    >
    10.10.13.0/24    200.10.8.144    <

    And I'm getting this error in the log, and I cannot connect that phase 2:

    "Aug 29 02:06:55 racoon: [Site-Site]: [RemotePublicAddress] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
    Aug 29 02:06:55 racoon: [Site-Site]: [RemotePublicAddress] ERROR: error message: '>`N'."

    For the record, I was trying different configurations on the IPsec service and at some point I got this message:

    08-28-13 23:23:08 [ There were error(s) loading the rules: /tmp/rules.debug:66: binat source mask and redirect mask must be the same - The line in question reads [66]: binat on enc0 from 10.10.13.0/24 to x.x.x.x/32 -> 10.10.13.100/32]

    and lost all connectivity to the outside.

    Sorry for my poor English. If anyone could help me with this it would be great! Thx!
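As an added illustration (not from the post above and not pfSense's own generated ruleset), here are the two pf translation forms that the "binat source mask and redirect mask must be the same" error distinguishes, written in the FreeBSD pf syntax that pfSense 2.1 uses. The addresses are the ones from the post; x.x.x.x stands in for the remote network and the /24 target on the binat rule is an assumed value.

```pf
# Many-to-one (masquerade): every host in 10.10.13.0/24 leaves the tunnel
# as 10.10.13.100. A "nat" rule allows a larger source mask than the
# translation address, so this is the form for a /24 -> /32 mapping.
nat on enc0 from 10.10.13.0/24 to x.x.x.x/32 -> 10.10.13.100

# One-to-one (binat): each host is mapped to exactly one host in another
# network of the same size, so both masks must match (/24 -> /24).
# 10.10.14.0/24 is an assumed example target.
binat on enc0 from 10.10.13.0/24 to x.x.x.x/32 -> 10.10.14.0/24

# What pfctl rejects (masks differ: /24 on the source, /32 on the redirect),
# matching the error line quoted in the post.
# binat on enc0 from 10.10.13.0/24 to x.x.x.x/32 -> 10.10.13.100/32
```

With the many-to-one form, the phase 2 local network offered to the peer is the translated address (10.10.13.100/32), which is what the remote side's accept rule expects.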

