OPNsense Forum
English Forums => Virtual private networks => Topic started by: MoonbeamFrame on November 27, 2020, 11:27:41 am
-
For a policy-based IPsec tunnel between 2 OPNsense 20.7.5 boxes I have NAT-T disabled.
In the logs I can see both sides sending data on UDP/4500 which, as expected, is blocked at the other end.
Are there other configuration settings which affect NAT-T outside of the phase 1 configuration?
-
Maybe better check IPsec.logs
-
The logs show sending and receiving of UDP/4500
-
OK I think I have it.
Using IKEv2. So NAT Traversal is always enabled.
But if NAT-T is disabled in the phase 1 proposal, the inbound NAT-T is rejected (because the automatically generated rule is not created).