OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: juliocbc on February 21, 2019, 05:34:49 pm

Title: IPSEC BiNAT - Migrating from pfS
Post by: juliocbc on February 21, 2019, 05:34:49 pm
Greetings from IPSec outerspace!  :)

I'm importing a config from an old pfsense with IPSEC Binat enabled, but when I try to create the NAT 1:1 rule, an error is show.

Scenario:
Local Network: 10.20.30.0/24
Translated Address (that is in SPD entry): 192.169.200.16/32

If the subnet mask are the same, the rule is created without problems, but like I've mentioned above, the existing config uses differents masks.

Am I missing something?

Attached the example rule and the error.

Title: Re: IPSEC BiNAT - Migrating from pfS
Post by: hancke on March 08, 2019, 09:01:16 pm
If you will click the full help you will see the info below.  Use NAT for unequal sized networks

"Select BINAT (default) or NAT here, when nets are equally sized binat is usually the best option.Using NAT we can also map unequal sized networks.
A BINAT rule specifies a bidirectional mapping between an external and internal network and can be used from both ends, nat only applies in one direction."

Docs on NAT
https://wiki.opnsense.org/manual/how-tos/ipsec-s2s-binat.html