BINAT OK over IPsec on 2.1?

  • Hello,

    I understand that bidirectional NAT'ing is now supported over IPSec in 2.1?

    So, the procedure to solve a routing conflict for this would be:
 <=pfsense 2.1==>=binat==> <====ipsec====><=remote endpoint=>
                                            (NAT'd local LAN)

    Configure IPSec tunnel as normal on the pfSense side, but in Phase2 under Local Network NAT/BINAT, select Type: 'LAN subnet' and fill in

    Then, after the tunnel establishes, the remote LAN can access the local IPs as follows? -> -> ->

  • Rebel Alliance Developer Netgate

    Yes, NAT+IPsec works fine on 2.1 and later.

    It's close to what you said: Select Type=LAN Subnet, and then in the NAT options directly under that choice, pick Network and then enter

    Firewall rules would still refer to 192.168.1.x (rules after NAT, as always).
