Moving from Linux to pfSense

  • I have moved an IPsec configuration from a Linux box to pfSense and have phase 1 and 2 up just fine. I am able to ping the remote host no problem from the pfSense command line; however, the remote site requires we NAT all outgoing traffic to our public IP address. In Linux I have a simple POSTROUTING SNAT that does the job fine. I have tried to configure the same in pfSense, but the packets are going out on the Internet route and not the tunnel, as shown by "tcpdump -i em1 esp".

    I've searched and I have read that the NAT won't work with IPsec on pfSense, but I'm hopeful that's not true. I've tried every possible combination I can think of and still no NAT. What I need looks like this: (local net) --> (PublicIP/SNAT addr) ----> (RemoteVPNconcentrator) ---> (remote host)

    Is there no way to do the NAT so the remote sees our PublicIP? Tunnels are down, and I am close to scrapping the project and using Linux (which has worked in this scenario for the previous 10 years).

  • It looks like I found my answer.


  • Look at the usage of NAT onto IPsec on 2.1; that will help with your problem.

