IPSEC passthrough
-
Hi all,
Perhaps a stupid question here, but I have not found the answer on the forum. How can I have the IPsec passthrough feature in advanced mode ;D? Or, the other way, how can I make the default rule use the WAN CARP address instead of the WAN address? A pfctl -s nat shows that you have a built-in rule for IPsec passthrough on the isakmp port. But we can't make such rules through the web interface. Do I have to modify the PHP file where the NAT rules are generated to make pfSense use the WAN CARP instead of the WAN address?
-
Spotted those lines in filter.inc:
$natrules .= filter_nat_rules_generate_if($wanif,
    "{$lansa}/{$lancfg['subnet']}", 500, "", 500, null, 500, false);
I'll try putting one just after the Advanced NAT block, using my WAN CARP instead of $wanif.
-
You can create that rule manually at advanced outbound nat. It's just a static port rule for port 500.
-
Damned, you are right, so blind I am. Thanks a lot Hoba, I was looking for something more difficult than it is…