IPSEC passthrough

  • Hi all,

Perhaps a stupid question here, but I have not found the answer on the forum. How can I have the IPsec passthrough feature in advanced mode ;D? Or, the other way round, how can I make the default rule use the WAN CARP address instead of the WAN address? A pfctl -s nat shows that you have a built-in rule for IPsec passthrough on the ISAKMP port, but we can't make such rules through the web interface. Do I have to modify the PHP file where the NAT rules are generated to make pfSense use the WAN CARP address instead of the WAN address?

  • Spotted these lines in filter.inc:

        // static-port NAT of UDP 500 (ISAKMP) from the LAN subnet out $wanif
        $natrules .= filter_nat_rules_generate_if($wanif,
                        "{$lansa}/{$lancfg['subnet']}", 500, "", 500, null, 500, false);

    I'll try putting one just after the Advanced NAT block, using my WAN CARP address instead of $wanif.

  • You can create that rule manually under Advanced Outbound NAT. It's just a static-port rule for port 500.

  • Damn, you are right, so blind I am. Thanks a lot Hoba, I was looking for something more difficult than it is…