IPSEC + BINAT AND "SAME NETWORK"



  • Hello everyone,

    I'm using version 2.2.1 and am facing the following situation, which worked perfectly on Linux with Openswan:

    LOCAL NETWORK: 172.20.16.0/21

    IPSEC TUNNEL A - PHASE 2:

    tunnel - LOCAL NETWORK - 10.1.0.0/16 (NO NAT)

    IPSEC TUNNEL B - PHASE 2:

    tunnel - 10.202.9.32/30 - 10.0.0.0/8 (NAT option ENABLED) - This tunnel NATs outgoing traffic to the network 10.202.9.32/30

    Each tunnel has its own phase 1; they are tunnels to different sites.

    Now the case:

    When I enable TUNNEL B and ping across TUNNEL A, I see the following output from the command pfctl -s state | grep 10.1.0

    enc0 icmp 10.202.9.32:39801 (172.23.16.11:6958) -> 10.1.0.135:39801 0:0

    That is, it is doing NAT.

    I've tried adding NAT rules, etc. … can someone help me?

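The pfctl state above shows traffic bound for 10.1.0.135 (inside tunnel A's 10.1.0.0/16) leaving with the BINAT source of tunnel B, because 10.1.0.0/16 lies entirely inside tunnel B's 10.0.0.0/8 selector. The script below is an added example, not code from the post or from pfSense: it models the two phase 2 entries as described in the post (the local host 172.20.16.11 and the first-match NAT lookup are constructed assumptions, not pfSense's documented rule order), reports every NAT'd selector that covers a plain one, and shows one way out of the overlap by carving the plain network out of the NAT'd selector so the two no longer intersect.

```python
"""Detect IPsec phase 2 selectors where a NAT/BINAT entry covers a plain entry.

Added example (not from the original post or from pfSense). Models the post's
two tunnels and a first-match NAT lookup; the lookup order is an assumption.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Phase2:
    """One phase 2 entry: tunnel name, local/remote selectors, optional NAT network."""
    tunnel: str
    local: IPv4Net
    remote: IPv4Net
    binat: Optional[IPv4Net] = None


def net(cidr: str) -> IPv4Net:
    return ipaddress.IPv4Network(cidr, strict=False)


# Constructed from the post: tunnel A is plain, tunnel B NATs the local /21 to 10.202.9.32/30.
PHASE2: List[Phase2] = [
    Phase2("A", net("172.20.16.0/21"), net("10.1.0.0/16")),
    Phase2("B", net("172.20.16.0/21"), net("10.0.0.0/8"), binat=net("10.202.9.32/30")),
]


def find_conflicts(entries: List[Phase2]) -> List[Tuple[str, str, IPv4Net]]:
    """Return (nat_tunnel, plain_tunnel, overlap) for each NAT entry whose remote
    selector overlaps a non-NAT entry's remote selector.  Destinations inside the
    overlap can be translated by the NAT entry although the plain tunnel was meant."""
    conflicts = []
    for nat in entries:
        if nat.binat is None:
            continue
        for plain in entries:
            if plain.binat is None and nat.remote.overlaps(plain.remote):
                # For IPv4 networks, overlap means one contains the other.
                overlap = plain.remote if plain.remote.subnet_of(nat.remote) else nat.remote
                conflicts.append((nat.tunnel, plain.tunnel, overlap))
    return conflicts


def first_match_nat(entries: List[Phase2], src: str, dst: str) -> Optional[IPv4Net]:
    """Assumed first-match NAT lookup: the first NAT entry whose selectors cover
    src->dst decides the translation, regardless of any narrower plain entry.
    Returns the NAT network that would be used, or None when no NAT applies."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for e in entries:
        if e.binat is not None and s in e.local and d in e.remote:
            return e.binat
    return None


def _exclude(cur: IPv4Net, other: IPv4Net) -> List[IPv4Net]:
    """Pieces of cur that do not intersect other."""
    if cur.subnet_of(other):
        return []                                   # fully covered: drop it
    if other.subnet_of(cur):
        return list(cur.address_exclude(other))     # punch a hole
    return [cur]                                    # disjoint


def carve_out(entries: List[Phase2]) -> List[Phase2]:
    """Split every NAT entry's remote selector so it no longer covers any plain
    entry's remote network.  The remote peer must be given the same selectors."""
    result: List[Phase2] = []
    for e in entries:
        if e.binat is None:
            result.append(e)
            continue
        remotes = [e.remote]
        for plain in entries:
            if plain.binat is None:
                remotes = [r for cur in remotes for r in _exclude(cur, plain.remote)]
        for r in sorted(remotes):
            result.append(Phase2(e.tunnel, e.local, r, e.binat))
    return result


if __name__ == "__main__":
    for nat_t, plain_t, overlap in find_conflicts(PHASE2):
        print(f"tunnel {nat_t} (NAT) covers tunnel {plain_t}'s network {overlap}")
    print("NAT applied to 172.20.16.11 -> 10.1.0.135:",
          first_match_nat(PHASE2, "172.20.16.11", "10.1.0.135"))
    for e in carve_out(PHASE2):
        print(f"{e.tunnel}: {e.local} -> {e.remote}" + (f" via NAT {e.binat}" if e.binat else ""))
```

With the post's configuration the report names tunnel B as covering 10.1.0.0/16, and the assumed first-match lookup picks 10.202.9.32/30 for a ping to 10.1.0.135, matching the state line in the post. After carving, tunnel B becomes eight phase 2 entries (10.0.0.0/16, 10.2.0.0/15, … 10.128.0.0/9) that together cover 10.0.0.0/8 minus 10.1.0.0/16, so nothing destined for tunnel A can match a NAT'd selector; the peer on tunnel B has to accept the same split selectors for the SAs to come up.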


  • Staff believe that this is the problem: https://redmine.pfsense.org/issues/4504

    Does anyone already use version 2.2.2? It will not downgrade to version 2.1.5.

    Thx.

