Messages

1

19.1 Legacy Series / Re: 1:1 BINAT/NAT IPSEC

« on: March 10, 2019, 05:43:35 pm »

Deleted the IPSEC and 1:1 NAT entries and started over.  I can get the tunnel up with one of two phase 2 entries but not both.  It appears that PAT is not working on 1:1 NAT.

I can make this same config work on a Sonicwall or pfsense.  Seems Opnsense does NAT on IPSEC a little different.

2

19.1 Legacy Series / Re: 1:1 BINAT/NAT IPSEC

« on: March 10, 2019, 04:25:50 pm »

My guess is the 1:1 NAT is not working correctly and interesting traffic never hits the tunnel to bring it up.

Add:My translated NAT IP is an IP within the WAN subnet.  Not sure if that matters.

3

19.1 Legacy Series / 1:1 BINAT/NAT IPSEC

« on: March 08, 2019, 09:33:05 pm »

I'm having issues getting 1:1 NAT to work consistently in use with an IPSEC tunnel.  The NAT'd IP will not trigger the IPSEC but I can ping through the tunnel if I start it manually under Status Overview.

4

19.7 Legacy Series / Re: OpenVpn Client Export

« on: March 08, 2019, 09:11:46 pm »

I've noticed the 19.1 client export uses upper case "UDP" in the ovpn config and the OpenVPN client requires lower case "udp" to work.

5

General Discussion / Re: Multiwan not woking

« on: March 08, 2019, 09:09:11 pm »

Not failing over?  No load balancing?  What is not working?  What gateway monitoring IP is set?

6

18.7 Legacy Series / Re: IPSEC BiNAT - Migrating from pfS

« on: March 08, 2019, 09:01:16 pm »

If you will click the full help you will see the info below.  Use NAT for unequal sized networks

"Select BINAT (default) or NAT here, when nets are equally sized binat is usually the best option.Using NAT we can also map unequal sized networks.
A BINAT rule specifies a bidirectional mapping between an external and internal network and can be used from both ends, nat only applies in one direction."

Docs on NAT
https://wiki.opnsense.org/manual/how-tos/ipsec-s2s-binat.html