IPSEC + BINAT AND "SAME NETWORK"
-
Hello everyone,
I'm using version 2.2.1 and am facing the following situation, which worked perfectly on Linux with Openswan:
LOCAL NETWORK: 172.20.16.0/21
IPSEC TUNNEL A - PHASE 2:
tunnel - LOCAL NETWORK - 10.1.0.0/16 (NO NAT)
IPSEC TUNNEL B - PHASE 2:
tunnel - 10.202.9.32/30 - 10.0.0.0/8 (NAT OPTION ENABLED) - This tunnel does NAT so that traffic goes out with the network 10.202.9.32/30
Each tunnel has its own phase 1; they are tunnels to different places.
Now to the case:
When I enable TUNNEL B and perform a ping to TUNNEL A, I see the following output from the command: pfctl -s state | grep 10.1.0
enc0 icmp 10.202.9.32:39801 (172.23.16.11:6958) -> 10.1.0.135:39801 0:0
That is, it is doing NAT.
I've tried adding NAT rules, etc. Can someone help me?
-
Staff believe that is the problem: https://redmine.pfsense.org/issues/4504
Does anyone use version 2.2.2? It will not downgrade to version 2.1.5.
Thx.