Virtual private networks / NAT 1:1 over IPSec
« on: January 19, 2023, 11:33:26 am »
Good morning,
Could you give me a hand with configuring a NAT 1:1 over IPSec?
Site A: Caller
Site B: OPNSense
OPNSense LAN 192.168.200.254
LAN IP Server 192.168.200.1 with Gateway 192.168.200.254
This is the situation
IPSec tunnel successfully created both Phase1 and Phase2
Internal LAN Site A - 172.17.50.192/28
Internal LAN Site B - 172.17.52.80/28
Site A calls via IP 172.17.50.206 the IP address 172.17.52.80 which must be natted 1:1 on the IP 192.168.200.1
I created a Virtual LAN address 172.17.52.80/28
Then I ran the following tests
TEST 1 - 1:1 NAT
Interface: WAN
ExternalIP: 172.17.52.80
InternalIP: 192.168.200.1/32
DestinationIP: Any
TEST 2 - 1:1 NAT
Interface: LAN
ExternalIP: 172.17.52.80
InternalIP: 192.168.200.1/32
DestinationIP: Any
TEST 3 - 1:1 NAT
Interface: LAN
ExternalIP: 172.17.50.206
InternalIP: 172.17.52.80/32
DestinationIP: Any
TEST 4 - 1:1 NAT
Interface: LAN
ExternalIP: 172.17.50.206
InternalIP: 172.17.52.80/32
DestinationIP: 192.168.200.1/32
Nothing works, unfortunately... and I can't figure out where I'm going wrong.
I read on some forums that the "Block bogon networks" and "Block private networks" items had to be disabled on the WAN interface... I also removed those flags!
Unfortunately I still don't receive traffic from the IP 172.17.50.206 as expected!
Thanks to anyone who can help me.