General Discussion / DNAT to IPsec policy-based VPN not working
« on: January 29, 2024, 12:52:07 pm »
Hello,
I have OPNsense 23.7 with only 1 (WAN) interface and an IPsec VPN established. The VPN itself is working; I can communicate from my internal network over the IPsec tunnel.
The problem is with port forwarding. In addition to the other communication, I set up a DNAT rule on the WAN interface forwarding anything coming to WAN interface port 1439 to IP 172.26.1.53 on the far end of the IPsec VPN.
I also have outbound NAT on the WAN interface set to translate anything going to 172.26.1.0/24 to have the source IP of the WAN interface.
A firewall ingress rule allows a subnet in the internal network to access port 1439 on the WAN interface.
In a packet capture I can see the packet coming to the WAN interface, then being forwarded/translated to 172.26.1.53, but then it vanishes. It is not sent through the IPsec VPN. No blocked packet is seen in the live firewall log.
Any ideas?
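A policy-based IPsec tunnel only encapsulates packets whose source and destination both fall inside a phase 2 traffic selector, so one thing worth checking is whether the flow still matches a selector after the DNAT and outbound NAT have been applied. The script below is an added example, not part of this thread; the WAN address (203.0.113.10), the internal subnet (10.0.0.0/24) and the phase 2 selectors are constructed assumptions, while the port 1439, 172.26.1.53 and 172.26.1.0/24 values come from the post.

```python
import ipaddress
from typing import NamedTuple, Optional

class Flow(NamedTuple):
    src: str
    dst: str
    dport: int

class Phase2(NamedTuple):
    local_ts: str   # local traffic selector (network)
    remote_ts: str  # remote traffic selector (network)

# Constructed values for the example (not from the thread).
WAN_IP = "203.0.113.10"
FORWARD_PORT = 1439            # from the post
FORWARD_TARGET = "172.26.1.53"  # from the post
REMOTE_NET = "172.26.1.0/24"    # from the post

def apply_port_forward(flow: Flow) -> Flow:
    """DNAT: traffic to WAN_IP:FORWARD_PORT is redirected to FORWARD_TARGET."""
    if flow.dst == WAN_IP and flow.dport == FORWARD_PORT:
        return Flow(flow.src, FORWARD_TARGET, flow.dport)
    return flow

def apply_outbound_nat(flow: Flow) -> Flow:
    """Outbound NAT: anything towards REMOTE_NET gets the WAN IP as source."""
    if ipaddress.ip_address(flow.dst) in ipaddress.ip_network(REMOTE_NET):
        return Flow(WAN_IP, flow.dst, flow.dport)
    return flow

def matching_phase2(flow: Flow, phase2s) -> Optional[Phase2]:
    """Return the first phase 2 whose selectors cover src and dst, else None."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    for p2 in phase2s:
        if src in ipaddress.ip_network(p2.local_ts) and dst in ipaddress.ip_network(p2.remote_ts):
            return p2
    return None

def trace(flow: Flow, phase2s):
    """Run the packet through DNAT, then outbound NAT, then the IPsec policy check."""
    translated = apply_outbound_nat(apply_port_forward(flow))
    return translated, matching_phase2(translated, phase2s)

if __name__ == "__main__":
    client = Flow("10.0.0.5", WAN_IP, FORWARD_PORT)  # constructed internal host
    only_lan = [Phase2("10.0.0.0/24", REMOTE_NET)]
    with_wan = only_lan + [Phase2(WAN_IP + "/32", REMOTE_NET)]
    for label, policy in (("LAN-only selectors", only_lan), ("WAN /32 selector added", with_wan)):
        after, hit = trace(client, policy)
        print(f"{label}: post-NAT flow {after.src} -> {after.dst}:{after.dport}, "
              f"{'enters tunnel via ' + str(hit) if hit else 'NO matching phase 2'}")
```

With only the internal subnet in the phase 2, the post-NAT source (the WAN IP) matches no selector and the packet is routed like ordinary WAN traffic instead of being encapsulated; the second policy shows what a matching selector would look like.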