Reading the docs, it seems there should be a NAT/BINAT option in the IPsec phase 2 settings to do translation before the traffic enters the tunnel. However, in my setup (17.7.1) it is missing. Has this changed and are the docs not updated, or am I missing something else?
Julian
Hi Julian,
You need the manual SPD entries at the bottom of the phase 2 entry plus a nat/binat rule.
For more information see https://github.com/opnsense/core/issues/440
Best regards,
Ad
The NAT/BINAT option no longer exists in the Phase 2 setup; I proposed a change in the docs to reflect that.
The setting is automatically set up now, unless you require NAT before IPsec, which Ad was pointing to with issue #440.
Cheers,
Franco