Netgate Discussion Forum

    IPSEC + BINAT AND "SAME NETWORK"

      s3ri4l

      Hello everyone,

      I'm using version 2.2.1 and am facing the following situation, which worked perfectly on Linux with Openswan:

      LOCAL NETWORK: 172.20.16.0/21

      IPSEC TUNNEL A - PHASE 2:

      tunnel - LOCAL NETWORK - 10.1.0.0/16 (NO NAT)

      IPSEC TUNNEL B - PHASE 2:

      tunnel - 10.202.9.32/30 - 10.0.0.0/8 (NAT OPTION ENABLED) - This tunnel does NAT so that traffic goes out with the network 10.202.9.32/30

      Each tunnel has its own phase 1; they are tunnels to different places.

      Now to the case:

      When I enable TUNNEL B and perform a ping to TUNNEL A, I see the following output from the command: pfctl -s state | grep 10.1.0

      enc0 icmp 10.202.9.32:39801 (172.23.16.11:6958) -> 10.1.0.135:39801 0: 0

      That is, it is doing NAT.

      I've tried adding NAT rules, etc. … Can someone help me?

        s3ri4l

        Staff believe that is the problem: https://redmine.pfsense.org/issues/4504

        Does anyone use version 2.2.2? It will not downgrade to version 2.1.5

        Thx.
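
Added example, not part of the original posts and not pfSense code: a check that runs over `pfctl -s state` output and flags states translated into tunnel B's NAT network although their destination belongs to tunnel A, which is the symptom shown in the first post. It assumes the parenthesised address is the pre-NAT source, as the post reads it; the networks are taken from the post, and the second and third state lines are constructed.

```python
import ipaddress
import re

# Networks from the first post.
TUNNEL_A_REMOTE = ipaddress.ip_network("10.1.0.0/16")   # tunnel A, no NAT
TUNNEL_B_REMOTE = ipaddress.ip_network("10.0.0.0/8")    # tunnel B, NAT enabled
TUNNEL_B_NAT = ipaddress.ip_network("10.202.9.32/30")   # tunnel B NAT network

# Line 1 is the state quoted in the post; lines 2 and 3 are constructed samples.
SAMPLE_STATES = """\
enc0 icmp 10.202.9.32:39801 (172.23.16.11:6958) -> 10.1.0.135:39801 0: 0
enc0 icmp 172.20.16.11:6960 -> 10.1.0.135:6960 0:0
enc0 tcp 10.202.9.33:51000 (172.20.16.12:51000) -> 10.9.9.9:443 ESTABLISHED:ESTABLISHED
"""

# iface proto src:port [(orig:port)] -> dst:port ...
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>[\d.]+):\d+"
    r"(?:\s+\((?P<orig>[\d.]+):\d+\))?\s+->\s+(?P<dst>[\d.]+):\d+"
)


def selectors_overlap():
    """True when tunnel A's remote network lies inside tunnel B's remote network."""
    return TUNNEL_A_REMOTE.subnet_of(TUNNEL_B_REMOTE)


def misnatted_states(text):
    """Return (original_src, nat_src, dst) for states translated into tunnel B's
    NAT network although the destination belongs to tunnel A."""
    hits = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m or not m.group("orig"):
            continue  # unparsable line, or a state with no translation
        nat_src = ipaddress.ip_address(m.group("src"))
        dst = ipaddress.ip_address(m.group("dst"))
        if nat_src in TUNNEL_B_NAT and dst in TUNNEL_A_REMOTE:
            hits.append((m.group("orig"), str(nat_src), str(dst)))
    return hits


if __name__ == "__main__":
    print("tunnel A remote inside tunnel B remote:", selectors_overlap())
    for orig, nat, dst in misnatted_states(SAMPLE_STATES):
        print(f"{orig} -> {dst} leaves as {nat}: NATed by tunnel B, expected no NAT")
```
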
