Netgate Discussion Forum

    IPSEC passthrough

    • Juve

      Hi all,

      Perhaps a stupid question here, but I have not found the answer on the forum. How can I have the IPsec passthrough feature in advanced mode ;D? Or, the other way around, how can I make the default rule use the WAN CARP address instead of the WAN address? A pfctl -s nat shows that there is a built-in rule for IPsec passthrough on the isakmp port. But we can't make such rules through the web interface. Do I have to modify the PHP file where NAT rules are generated to make pfSense use the WAN CARP instead of the WAN address?

        • Juve

        Spotted those lines in filter.inc:
        $natrules .= filter_nat_rules_generate_if($wanif,
                                "{$lansa}/{$lancfg['subnet']}", 500, "", 500, null, 500, false);

        I'll try putting one just after the Advanced NAT block, using my WAN CARP instead of $wanif.

          • hoba

          You can create that rule manually at advanced outbound nat. It's just a static port rule for port 500.

            • Juve

            Damned, you are right, so blind I am. Thanks a lot Hoba, I was looking for something more difficult than it is…

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.