Netgate Discussion Forum

    IPsec passthrough not working with Xbox One

      sean2k5

      Well, if I put on Automatic outbound NAT, IPsec works, but I have a strict NAT.

      But if I turn on Manual NAT, IPsec doesn't work, but NAT is open.

      I need IPsec for Titanfall game joining, and I have 2 Xbox Ones on the same network.

      My outbound rules (I used to have dual WAN but got rid of one; WAN2 is my only WAN):

      WAN2 any                       *     *         4500     WAN2 address * YES nat-t
      WAN2 any udp/              *     *         udp/500     WAN2 address * YES test nat
      WAN2  any esp/              *     *         esp/*     WAN2 address * NO Day one Xbox One
      WAN2  192.168.1.0/24    *     *         *             WAN2 address * YES Auto created rule for LAN to WAN2
      WAN2  127.0.0.0/8       *        *         *             WAN2 address * YES Auto created rule for localhost to WAN2

      From Xbox.com:

      Step 2: Check to see if IPSec pass-through is enabled

      The Xbox Cloud uses IPsec protocol to secure communication between your console and the Cloud. If IPsec is not enabled within your router’s settings, then you will be unable to communicate with the Cloud. This will interfere with multiplayer gaming.

      By default, most routers either do not allow you to disable IPsec, or they have it enabled by default. You will still need to verify this setting.

      Access your router’s settings to determine if your router has the ability to disable IPsec, and if so, make sure that IPsec is enabled.

      For more information about your specific router’s settings, see the device manufacturer’s support pages. For information that our community may have gathered on your device’s IPSec settings, visit our Networking Hardware Information forums and look for your specific network hardware. Please note that the forums are in English, so take advantage of Bing Translator if you need another language.

      Note Clicking this link opens a second browser window so that you won’t lose your place while you’re looking for information about how to configure your network hardware.

      Is IPSec pass-through enabled on your network device?

        sean2k5

        $ grep tonatsubnets /tmp/rules.debug
        tonatsubnets = "{ 192.168.1.0/24 192.168.32.0/24 127.0.0.0/8 0.0.0.0  }"
        nat on $WAN2  from $tonatsubnets port 500 to any port 500 -> 207.255.220.70/32 port 500 
        nat on $WAN2  from $tonatsubnets to any -> 207.255.220.70/32 port 1024:65535

        Found out that these are the auto-generated rules, but how would I add them? I'm a little confused about which is what.

        Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description

        Also, I'm on:

        2.1-RELEASE (amd64)
        built on Wed Sep 11 18:17:48 EDT 2013
        FreeBSD 8.3-RELEASE-p11

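The rules.debug lines quoted in the post above, split into the manual outbound NAT column headings the poster lists. This is an added example, not part of the original thread and not pfSense code; the names `expand`, `MACRO`, `NAT` and `COLUMNS` are hypothetical, and treating a translation port equal to the source port as "Static Port" is an assumption.

```python
import re

# Lines copied from the rules.debug output quoted in the post above.
RULES_DEBUG = '''\
tonatsubnets = "{ 192.168.1.0/24 192.168.32.0/24 127.0.0.0/8 0.0.0.0  }"
nat on $WAN2  from $tonatsubnets port 500 to any port 500 -> 207.255.220.70/32 port 500
nat on $WAN2  from $tonatsubnets to any -> 207.255.220.70/32 port 1024:65535
'''

COLUMNS = ("Interface", "Source", "Source Port", "Destination",
           "Destination Port", "NAT Address", "NAT Port", "Static Port")

MACRO = re.compile(r'^(\w+)\s*=\s*"\{\s*(.*?)\s*\}"\s*$')
NAT = re.compile(
    r'^nat on \$(?P<ifc>\w+)\s+from (?P<src>\S+)(?: port (?P<sport>\S+))?'
    r' to (?P<dst>\S+)(?: port (?P<dport>\S+))?'
    r' -> (?P<addr>\S+)(?: port (?P<nport>\S+))?(?P<static> static-port)?\s*$')

def expand(text):
    """Return one dict per (rule, source network), keyed by COLUMNS."""
    macros, rows = {}, []
    for line in text.splitlines():
        m = MACRO.match(line.strip())
        if m:
            macros[m.group(1)] = m.group(2).split()
            continue
        m = NAT.match(line.strip())
        if not m:
            continue
        src = m["src"]
        sources = macros.get(src[1:], [src]) if src.startswith("$") else [src]
        # Assumption: a translation port equal to the source port means the
        # port is preserved, which is what the GUI's Static Port box expresses.
        static = bool(m["static"]) or (m["nport"] is not None and m["nport"] == m["sport"])
        for net in sources:
            rows.append(dict(zip(COLUMNS, (
                m["ifc"], net, m["sport"] or "*", m["dst"], m["dport"] or "*",
                m["addr"], m["nport"] or "*", "YES" if static else "NO"))))
    return rows

if __name__ == "__main__":
    print(" | ".join(COLUMNS))
    for row in expand(RULES_DEBUG):
        print(" | ".join(row[c] for c in COLUMNS))
```

Each `nat on` line expands to one row per network in the `tonatsubnets` macro, so the two auto-generated rules become eight rows.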
          plankton2010

          I have been having the same problem. When I just connect my Netgear router, all works well.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.