
    PFSense 2.1 feature question: NAT before IPsec (1:1 or many:1) outbound

    • ust

      Hello,

      Noticed with the release of 2.1 there is a new feature "NAT before IPsec (1:1 or many:1) outbound". If I'm interpreting this feature correctly, I think this may mean I can run one box under 2.1 instead of two as we are with 2.0.1.

      Reason we have two PFsense boxes is that we need to do NAT over IPSEC VPN. Our servers have private IPs but the other end of the IPSEC VPN only supports public IPs, so the extra PF box just does NAT as a workaround for IPSEC VPN because it doesn't support public IPs at the endpoints.

      Can 2.1 now do what we want with one box?

      Best Regards,

      UST

      • jimp Rebel Alliance Developer Netgate

        Most likely, yes, it can be done on a single box. In practice it depends on exactly how you need to handle inbound connections (if there are any).

        If you NAT everyone to a single public IP inside the tunnel and all of the connections go from you to the far side, then it works fine. If you need to do port forwards on that public IP back to hosts inside your network, then maybe not.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!
