OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: renow on September 13, 2018, 07:00:52 pm

Title: IPSEC Nat 1 to 1 behind Router NAT
Post by: renow on September 13, 2018, 07:00:52 pm

I'm trying to configure an IPSEC tunnel and need to use 1 to 1 NAT because the local IP network also exists in the remote networks.

Configuration is as follows:

HQ : Local Network : : (LAN) OPN (WAN) : ------ Router ------- WWW
Remote : --- Public IP (WWW)

I need to configure an IPSEC tunnel with translation to (local) and connected to (remote).

So I have configured:

- an IPSEC P2 for network to
- a 1 to 1 NAT on IPSEC interface with external for traffic from to

Incoming ICMP traffic from the remote net reaches a client on but the reply isn't redirected into the IPSEC tunnel.

I think the problem is because of the WAN NAT on for outside.

I have also tried with an IP alias on LAN with and NAT on this IP before the tunnel, but it doesn't work.

Can anyone tell me which configuration should be used in my situation?

Thanks for your help.
Title: Re: IPSEC Nat 1 to 1 behind Router NAT
Post by: renow on September 14, 2018, 01:55:17 am
Finally, I'm able to have a functional natted IPSEC tunnel with the following configuration:

Phase 2 :

Type                    local Network          remote network
ESP IPv4 tunnel

1 to 1 NAT rules :

Interface    External IP            Internal IP           Destination IP

and I need to add the SPD manually, even with "" in the manual SPD field of the GUI:

Code:
setkey -f spd.conf

with spd.conf:

Code:
spdadd any -P out ipsec esp/tunnel/[Local Public IP]-[Remote Public IP]/unique:2;
NAT from the router isn't the problem; the manual SPD of the GUI isn't working for me...
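As an added example (not part of renow's post and not OPNsense's own code), the following POSIX shell script generates the manual SPD entries for a 1:1-NATted phase 2 in the same setkey(8) spdadd syntax used in the post, writes them to spd.conf, and loads and dumps them when setkey is available on the box. The point it makes explicit is that the policy selectors must name the translated (NAT) network, not the real LAN network: the outbound SPD lookup is done on the already-translated packet, and a packet that matches no policy is simply routed out the default route unencrypted. All addresses (RFC 5737 documentation ranges), the prefix sizes and the inbound `require` policy are assumptions; the thread itself shows only the outbound policy with `unique:2`.

```shell
#!/bin/sh
# Added example, not from the thread. Emits setkey(8) SPD entries for a
# 1:1-NATted IPsec phase 2. The selectors use the NAT (translated) network,
# because the kernel looks up the outbound policy after NAT has rewritten
# the source address; a policy on the real LAN network would never match.
#
# Constructed placeholder addresses (the post's real values were not
# preserved), all from RFC 5737 documentation ranges:
#   NAT network          10.99.0.0/24   (assumed; the "external" 1:1 NAT network)
#   remote network       10.1.0.0/24    (assumed)
#   local tunnel endpoint   203.0.113.10   (assumed; post calls it Local Public IP)
#   remote tunnel endpoint  198.51.100.20  (assumed; post calls it Remote Public IP)

# Usage: spd_policies <nat-net/prefix> <remote-net/prefix> <local-endpoint> <remote-endpoint>
# Prints two spdadd lines: outbound (as in the post, level unique:2) and an
# assumed inbound counterpart at level require so decrypted replies are
# accepted only if they actually arrived through the tunnel.
spd_policies() {
    nat_net="$1"; remote_net="$2"; local_ep="$3"; remote_ep="$4"
    # Outbound: post-NAT packets from the NAT network to the remote network.
    printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/unique:2;\n' \
        "$nat_net" "$remote_net" "$local_ep" "$remote_ep"
    # Inbound (assumption, not in the post): remote network to NAT network.
    printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/require;\n' \
        "$remote_net" "$nat_net" "$remote_ep" "$local_ep"
}

# Writes spd.conf with the assumed addresses, then loads it the way the post
# does (setkey -f) and dumps the SPD (setkey -DP) so the entries can be checked.
load_spd() {
    conf="${1:-spd.conf}"
    spd_policies 10.99.0.0/24 10.1.0.0/24 203.0.113.10 198.51.100.20 > "$conf"
    if command -v setkey >/dev/null 2>&1; then
        setkey -f "$conf"   # load the policies into the kernel SPD
        setkey -DP          # dump the SPD to verify both directions are present
    else
        echo "setkey not found; wrote $conf only" >&2
    fi
}

# Only touch the kernel when explicitly asked for, e.g.:  LOAD_SPD=1 sh spd.sh
if [ -n "${LOAD_SPD:-}" ]; then
    load_spd spd.conf
fi
```

After `setkey -f spd.conf`, `setkey -DP` should list an `out` entry with the NAT network as source and the remote network as destination; if the dump shows the real LAN network instead, the policy will never match the translated packet and replies will keep leaving via the WAN default route.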