Moving from Linux to pfSense
-
I have moved an IPsec configuration from a Linux box to pfSense and have phase 1 and 2 up just fine. I am able to ping the remote host no problem from the pfSense command line; however, the remote site requires we NAT all outgoing traffic to our public IP address. In Linux I have a simple POSTROUTING SNAT that does the job fine. I have tried to configure the same in pfSense, but the packets are going out on the Internet route and not the tunnel, as shown by "tcpdump -i em1 esp".
I've searched and I have read that the NAT won't work with IPsec on pfSense, but I'm hopeful that's not true. I've tried every possible combination I can think of and still no NAT. What I need looks like this:
192.168.0.0/24 (local net) --> 5.5.5.5/32 (PublicIP/SNAT addr) --> 6.6.6.6/32 (RemoteVPNconcentrator) --> 192.168.1.1/32 (remote host)
Is there no way to do the NAT so the remote sees our PublicIP? Tunnels are down and I am close to scrapping the project and using Linux (which has worked in this scenario for the previous 10 years).
-
It looks like I found my answer: https://forum.pfsense.org/index.php?topic=49800.0
Regards.
-
Look at the usage of NAT onto IPsec on 2.1; that will help with your problem.