Netgate Discussion Forum
    Moving from Linux to pfSense

    • saysocomm

      I have moved an IPsec configuration from a Linux box to pfSense and have phase 1 and 2 up just fine. I am able to ping the remote host with no problem from the pfSense command line; however, the remote site requires that we NAT all outgoing traffic to our public IP address. In Linux I have a simple POSTROUTING SNAT that does the job fine. I have tried to configure the same in pfSense, but the packets are going out on the Internet route and not the tunnel, as shown by "tcpdump -i em1 esp".

      I've searched and I have read that NAT won't work with IPsec on pfSense, but I'm hopeful that's not true. I've tried every possible combination I can think of and still no NAT. What I need looks like this:

      192.168.0.0/24 (local net) --> 5.5.5.5/32 (PublicIP/SNAT addr) --> 6.6.6.6/32 (RemoteVPNconcentrator) --> 192.168.1.1/32 (remote host)

      Is there no way to do the NAT so the remote sees our PublicIP? Tunnels are down and I am close to scrapping the project and using Linux (which has worked in this scenario for the previous 10 years).

      • saysocomm

        It looks like I found my answer: https://forum.pfsense.org/index.php?topic=49800.0

        Regards.

        • eri--

          Look at the usage of NAT onto IPsec on 2.1; that will help with your problem.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.