OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: wickeren on September 09, 2017, 03:28:47 pm

Title: Ipsec NAT/BINAT option missing
Post by: wickeren on September 09, 2017, 03:28:47 pm
Reading the docs it seems there should be a NAT/BINAT options in the ipsec phase2 settings to do translation before the traffic enters the tunnel. However, in my setup (17.7.1) it is missing. Has this changed and are the docs not updated or am I missing something else?

Julian
Title: Re: Ipsec NAT/BINAT option missing
Post by: AdSchellevis on September 09, 2017, 04:37:15 pm
Hi Julian,

You need the manual SPD entries at the bottom of the phase 2 entry plus a nat/binat rule.
For more information see https://github.com/opnsense/core/issues/440

Best regards,

Ad
Title: Re: Ipsec NAT/BINAT option missing
Post by: franco on September 09, 2017, 04:50:03 pm
The NAT/BINAT option no longer exists in the Phase 2 setup, I proposed a change in the docs to reflect that.

The setting is automatically set up now, unless you require NAT before IPsec, which Ad was pointing to with issue #440.


Cheers,
Franco