1. Home
  2. pfSense® Software
  3. IPsec
  4. Moving from Linux to pfSense

Moving from Linux to pfSense

  • S

    I have moved an IPSEC configuration from a Linux box to pfSense and have phase 1 and 2 up just fine. I am able to ping the remote host no problem from the pfSense command line however the remote site requires we NAT all outgoing traffic to our public ip address. In Linux I have a simple POSTROUTING SNAT that does the job fine. I have tried to configure the same in pfSense but the packets are going out on the Internet route and not the tunnel as shown by "tcpdump -i em1 esp"

    I've searched and I have read that the NAT won't work with IPSEC on pfSense but I'm hopeful that's not true. I've tried every possible combination I can think of and still no NAT. What I need looks like this:

    192.168.0.0/24 (local net) –> 5.5.5.5/32 (PublicIP/SNAT addr) ----> 6.6.6.6/32 (RemoteVPNconcentrator) ---> 192.168.1.1/32 (remote host)

    Is there no way to do the NAT so the remote sees our PublicIP? Tunnels are down and I am close to scrapping the project and using Linux (which has worked in this scenario for the previous 10 years).

    0
  • S

    It looks like I found my answer.. https://forum.pfsense.org/index.php?topic=49800.0

    Regards.

    0
  • E

    Look at the usage of NAT onto ipsec on 2.1 that will help with your problem.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy