OPNsense Forum

English Forums => Virtual private networks => Topic started by: skiker on June 01, 2022, 06:21:31 PM

Title: IPSEC and 1:1 NAT - how?
Post by: skiker on June 01, 2022, 06:21:31 PM
I got a running IPSec IKEv2 tunnel with a partner.

The Phase 2 network settings are like this:

Local Subnet 10.10.1.0/24
Remote Subnet 10.20.15.20/32
I added my local LAN as manual SPD entry: 192.168.128.0/24
I see the SPDs generated correctly.

Now I need to establish a 1:1 NAT to map traffic from my 192.168.128.0/24 network to translate to 10.10.1.0/24 for using the IPSec tunnel to get to the server located at 10.20.15.20/32.

I created a 1:1 NAT (not BINAT) rule with
Interface IPSec
External Network: 10.20.15.20/32
Source: 192.168.128.0/24
Destination: 10.10.1.0/24

When I traceroute the target IP 10.20.15.20 on OPNsense it always goes through the default gateway.

What am I doing wrong?

Thanks in advance!  :)
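As an added illustration, not part of the thread and not OPNsense code: a small Python model of the two checks that decide whether a LAN packet ends up in the tunnel here, the Phase 2 / SPD selector match and a host-for-host 1:1 translation, using the subnets from the post. It assumes the 1:1 rule maps 192.168.128.0/24 onto 10.10.1.0/24 with the destination left untouched, as the second paragraph describes; that the rule entered in the GUI actually does this is an assumption, not something the post confirms.

```python
import ipaddress

# Constructed model of the poster's setup: the Phase 2 selector (SPD) and a
# 1:1 mapping between two equally sized networks. Values are from the post.
SPD_LOCAL = ipaddress.ip_network("10.10.1.0/24")
SPD_REMOTE = ipaddress.ip_network("10.20.15.20/32")
NAT_INTERNAL = ipaddress.ip_network("192.168.128.0/24")  # real LAN
NAT_EXTERNAL = ipaddress.ip_network("10.10.1.0/24")      # address the peer sees


def translate_1to1(addr, internal, external):
    """Map a host in `internal` to the host at the same offset in `external`.

    Addresses outside `internal` are returned unchanged, which is how a 1:1
    rule behaves for traffic it does not cover.
    """
    addr = ipaddress.ip_address(addr)
    if internal.prefixlen != external.prefixlen:
        raise ValueError("1:1 NAT needs equally sized networks")
    if addr not in internal:
        return addr
    offset = int(addr) - int(internal.network_address)
    return external.network_address + offset


def matches_spd(src, dst, local=SPD_LOCAL, remote=SPD_REMOTE):
    """True when src/dst both fall inside the tunnel's Phase 2 selectors."""
    return (ipaddress.ip_address(src) in local
            and ipaddress.ip_address(dst) in remote)


def classify(src, dst):
    """Report whether a packet would match the SPD before and after NAT.

    A packet that matches neither selector is plain routed traffic and
    follows the ordinary routing table (the default gateway in the post).
    """
    before = matches_spd(src, dst)
    nat_src = translate_1to1(src, NAT_INTERNAL, NAT_EXTERNAL)
    after = matches_spd(nat_src, dst)
    return {"src_after_nat": str(nat_src),
            "spd_before": before, "spd_after": after}


if __name__ == "__main__":
    for src in ("192.168.128.42", "192.168.5.7"):
        print(src, "->", classify(src, "10.20.15.20"))
```

The model only captures selector matching and address rewriting; it says nothing about the order in which a given firewall applies NAT and IPsec policy lookup, which is exactly the point being debated in the replies.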
Title: Re: IPSEC and 1:1 NAT - how?
Post by: NoncarbonatedClack on June 08, 2022, 05:21:26 AM
I believe that should be the case, no? NAT isn't my strong suit so I could be mistaken, but I don't think so in this case.

You still have to go through the default gateway for the firewall to know where to route traffic, which should be before packets hit NAT.
Does the trace to 10.20.15.20 succeed?