Virtual private networks / IPSEC and 1:1 NAT - how?
« on: June 01, 2022, 06:21:31 pm »
I got a running IPSec IKEv2 tunnel with a partner.
The Phase 2 network settings are like this:
Local Subnet 10.10.1.0/24
Remote Subnet 10.20.15.20/32
I added my local LAN as manual SPD entry: 192.168.128.0/24
I see the SPDs generated correctly.
Now I need to establish a 1:1 NAT to map traffic from my 192.168.128.0/24 network to translate to 10.10.1.0/24 for using the IPSec tunnel to get to the server located at 10.20.15.20/32.
I created a 1:1 NAT (not BINAT) rule with
Interface IPSec
External Network: 10.20.15.20/32
Source: 192.168.128.0/24
Destination: 10.10.1.0/24
When I traceroute the target IP 10.20.15.20 on OPNsense it always goes through the default gateway.
What am I doing wrong?
Thanks in advance!