OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: hancke on March 08, 2019, 09:33:05 pm

Title: 1:1 BINAT/NAT IPSEC
Post by: hancke on March 08, 2019, 09:33:05 pm
I'm having issues getting 1:1 NAT to work consistently in use with an IPSEC tunnel.  The NAT'd IP will not trigger the IPSEC but I can ping through the tunnel if I start it manually under Status Overview.
Title: Re: 1:1 BINAT/NAT IPSEC
Post by: mimugmail on March 09, 2019, 07:13:25 am
I'd rather look at why the VPN is not always on?
Title: Re: 1:1 BINAT/NAT IPSEC
Post by: hancke on March 10, 2019, 04:25:50 pm
My guess is the 1:1 NAT is not working correctly and interesting traffic never hits the tunnel to bring it up.

Add: My translated NAT IP is an IP within the WAN subnet.  Not sure if that matters.
Title: Re: 1:1 BINAT/NAT IPSEC
Post by: hancke on March 10, 2019, 05:43:35 pm
Deleted the IPSEC and 1:1 NAT entries and started over.  I can get the tunnel up with one of two phase 2 entries but not both.  It appears that PAT is not working on 1:1 NAT.

I can make this same config work on a SonicWall or pfSense.  Seems OPNsense does NAT on IPSEC a little differently.