Messages - hancke

#1
19.1 Legacy Series / Re: 1:1 BINAT/NAT IPSEC
March 10, 2019, 05:43:35 PM
Deleted the IPSEC and 1:1 NAT entries and started over.  I can get the tunnel up with one of two phase 2 entries but not both.  It appears that PAT is not working on 1:1 NAT.

I can make this same config work on a Sonicwall or pfsense.  Seems Opnsense does NAT on IPSEC a little different.
#2
19.1 Legacy Series / Re: 1:1 BINAT/NAT IPSEC
March 10, 2019, 04:25:50 PM
My guess is the 1:1 NAT is not working correctly and interesting traffic never hits the tunnel to bring it up.

Add: My translated NAT IP is an IP within the WAN subnet.  Not sure if that matters.
#3
19.1 Legacy Series / 1:1 BINAT/NAT IPSEC
March 08, 2019, 09:33:05 PM
I'm having issues getting 1:1 NAT to work consistently in use with an IPSEC tunnel.  The NAT'd IP will not trigger the IPSEC but I can ping through the tunnel if I start it manually under Status Overview.
#4
19.7 Legacy Series / Re: OpenVpn Client Export
March 08, 2019, 09:11:46 PM
I've noticed the 19.1 client export uses upper case "UDP" in the ovpn config and the OpenVPN client requires lower case "udp" to work.
#5
General Discussion / Re: Multiwan not working
March 08, 2019, 09:09:11 PM
Not failing over?  No load balancing?  What is not working?  What gateway monitoring IP is set?
#6
If you will click the full help you will see the info below.  Use NAT for unequal sized networks.

"Select BINAT (default) or NAT here, when nets are equally sized binat is usually the best option. Using NAT we can also map unequal sized networks.
A BINAT rule specifies a bidirectional mapping between an external and internal network and can be used from both ends, nat only applies in one direction."

Docs on NAT
https://wiki.opnsense.org/manual/how-tos/ipsec-s2s-binat.html