Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VPN betwenn pfSense and dynamic client

    Scheduled Pinned Locked Moved IPsec
    6 Posts 3 Posters 3.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      crave
      last edited by

      Hi,

      i have a question, i want to do a IPsec connection betwenn my firewall and a mobile client, this could be behind a NAT. The question is, is this possible because pfSense doesn't support NAT traversal? Or is there any other way to do this?

      crave

      1 Reply Last reply Reply Quote 0
      • T
        tacfit
        last edited by

        Yep, it works great. The issue with NAT traversal is a client side one. In my case my router (Buffalo something, can't remember) has an option for IPSec NAT passthrough. Once I turned that on, I could dial out to my pfsense server at work without any problems.

        There's a tutorial explaining how to set up pfsense with a mobile client. It's from the perspective of connecting 2 pfsense boxes, but I had no trouble getting it to work with a 3com VPN router.

        1 Reply Last reply Reply Quote 0
        • C
          crave
          last edited by

          But a router would have an official ip, my problem is i would connect a notebook with an installed IPsec client behind a (NAT) router!

          1 Reply Last reply Reply Quote 0
          • F
            fastcon68
            last edited by

            I connect from behind my PF-Sense box to my VPN and 3 other at this time with no issue.  Give use a little more detail.  That might be more helpful in getting to the root of your problem.

            1 Reply Last reply Reply Quote 0
            • C
              crave
              last edited by

              This is the situation:

              on one site there is my pf sense and i would connect to it with my notebook e.g. i connect to the internet on another internet accesspoint i would be able to access my LAN.

              crave

              1 Reply Last reply Reply Quote 0
              • T
                tacfit
                last edited by

                OK, given your wording I'm still not entirely sure your problem. It sounds like you're asking this:

                1. You have your pfsense server setup "normally", with a static IP.
                2. You want to connect to it via IPSEC, from other places, like home or an internet cafe.

                As I said, the configuration issue is with the router you are behind, when you're at home or at the cafe. It's not a question of the router's IP, it's the IPSEC NAT settings. If the router has been configured to pass IPSEC through the NAT, then it will work fine. Otherwise, no luck. That's a limitation with IPSEC, it's not NAT friendly, so the router your laptop is behind must be configured to pass IPSEC through NAT unhindered. Most routers have this option, some older ones won't.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.