Hi All,
pfSense has the following configuration option that allows the filtering to be done on the VTI and that also support NAT on the VTI.
PFsense IPsec Filter Mode (https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/advanced.html)
Can someone please tell me what is the equivalent option in 25.7.x and the new VPN/IPsec implementation?
Many Thanks
Opnsene supports filtering and NAT for policy and routing based IPsec tunnels at the same time. So you can have both :D
Its described here:
https://github.com/opnsense/docs/pull/769/files
The gist of it is to do all filtering and NATing directly on the IPsec interface and not the subinterfaces, without changing any tunables.
The only thing that needs to be done is enabling that firewall rules are totally skipped for VTI interfaces.
Thank you for providing that clarity! Will have another go at it.