OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: deekdeeker on October 28, 2019, 12:13:09 am

Title: Source NAT over IPSEC
Post by: deekdeeker on October 28, 2019, 12:13:09 am
Hello,
I need to do a source NAT over an IPSEC tunnel. When I apply the rule, no traffic seems to go through. I did pull up some old posts on this not being supported, only via 1-1 NAT. Can anyone shed any more light on this? I have a Ubiquiti edge router that does this and is also using strongSwan.
Title: Re: Source NAT over IPSEC
Post by: mimugmail on October 28, 2019, 07:10:00 am
Just search for binat IPsec, it's documented and works fine :)
Title: Re: Source NAT over IPSEC
Post by: deekdeeker on October 28, 2019, 02:15:16 pm
Thanks,
In researching BINAT, it seems that this is only available in the One-to-one NAT section. I'm just wondering if this will work or not in my scenario. Currently on the EdgeRouter I have source NATs from multiple LAN IPs to the translated IPSEC NAT address. So it's not exactly the same configuration. I don't care if it accomplishes the same task, but currently all the LAN machines have their own mapped NAT IP to go out the tunnel.

Title: Re: Source NAT over IPSEC
Post by: mimugmail on October 28, 2019, 02:23:12 pm
Sure, just set one IP with /32 as external network :)
Title: Re: Source NAT over IPSEC
Post by: deekdeeker on October 28, 2019, 02:30:42 pm
OK, I will have to give this a try over the weekend and will report back. I also assume that I need to add the NAT network to the Manual SPD entry section in the phase 2 proposal settings?
Title: Re: Source NAT over IPSEC
Post by: mimugmail on October 28, 2019, 07:55:51 pm
Yes :)