OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: utahbmxer on July 20, 2022, 11:31:57 pm

Title: 1:1 NAT over routed IPsec
Post by: utahbmxer on July 20, 2022, 11:31:57 pm
Trying to convert an existing VPN from policy to route-based. The tunnel works fine, but when I enable my 1:1 NAT rule, the traffic never actually leaves the firewall. It's funny: if I do a tcpdump on the VTI, it appears that traffic is leaving. However, it's not, as I don't see the ESP frames leave my WAN interface, nor are they seen at the remote site. Disable the NAT and traffic flows.

To use the 1:1 NAT on the policy-based tunnel, I had to add the "real" local host into the Manual SPD entries field of the phase 2 entry; however, that is not present on routed tunnels. I'm at a loss.