4. Moving from Linux to pfSense

Moving from Linux to pfSense

  • S

    I have moved an IPSEC configuration from a Linux box to pfSense and have phase 1 and 2 up just fine. I am able to ping the remote host no problem from the pfSense command line however the remote site requires we NAT all outgoing traffic to our public ip address. In Linux I have a simple POSTROUTING SNAT that does the job fine. I have tried to configure the same in pfSense but the packets are going out on the Internet route and not the tunnel as shown by "tcpdump -i em1 esp"

    I've searched and I have read that the NAT won't work with IPSEC on pfSense but I'm hopeful that's not true. I've tried every possible combination I can think of and still no NAT. What I need looks like this:

    192.168.0.0/24 (local net) –> 5.5.5.5/32 (PublicIP/SNAT addr) ----> 6.6.6.6/32 (RemoteVPNconcentrator) ---> 192.168.1.1/32 (remote host)

    Is there no way to do the NAT so the remote sees our PublicIP? Tunnels are down and I am close to scrapping the project and using Linux (which has worked in this scenario for the previous 10 years).

    0
  • S

    It looks like I found my answer.. https://forum.pfsense.org/index.php?topic=49800.0

    Regards.

    0
  • E

    Look at the usage of NAT onto ipsec on 2.1 that will help with your problem.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy