Messages - Tech34

#2
Hello, I read your post on Reddit. I was wondering if you could help me find a solution to my problem. I have the same issue: I've added the SPD entries and everything, and the one-to-one NAT is correctly configured. The only difference that I have is that my WAN network isn't what I put inside the VPN tunnel in phase 2; I have two virtual networks that need to communicate in phase 2 (10.100.100.0/24 <--------IPSEC--------> 10.200.200.0/24). I don't know what I'm doing wrong, but if you have any idea, please share it!
#3
Hello, I'm having the same issue. Did you find a solution to your problem?
#4
It's okay, thank you for your help, you really helped me a lot. In OPNsense, it keeps blocking the RDP traffic:

#5
When I sniffed packets using Wireshark, this is what I see:
#6
Quick update: ICMP works, but when I try RDP, it doesn't work. I have a question: does the BINAT do PAT?
#7
Hello again,

It worked from the Stormshield to the OPNsense:

[Image: Capture] https://ibb.co/qMDt3JL

but not from the OPNsense to the Stormshield!
#8
Hello,

Thanks for the document, it worked!
#9
Also, because we have a lot of VPN tunnels in our Stormshield firewall, we have to create virtual networks in order to avoid IP address conflicts.
#10
Hello, thank you for your answer,

I need to NAT because the two networks are behind a virtual network:

| 192.168.2.0/24 | -------------- (Stormshield [virt: 10.100.100.0/24]) ====ipsec==== (Opnsense[virt: 10.200.200.0/24]) -------------- | 192.168.100.0/24 |


In my case, my LAN 192.168.100.0/24 has to be behind the network 10.200.200.0/24.

First, I want to know if it's possible to do it in OPNsense, because I tried to do it with Stormshield and it worked perfectly, and if it's possible, how could we do it (create the virtual network and apply the NAT rules to translate from the virtual network to the local network)?
#11
Can anyone who knows how take the time to answer?
I would really appreciate it!
#12
Hello Forum,

I hope you're doing well.

I need some information about configuring an IPsec VPN on an OPNsense firewall.

I created an IPsec tunnel with a Stormshield firewall using virtual networks, but I'm unable to test the VPN tunnel. I don't know how to create virtual IP addresses and attach them to a physical interface using NAT in OPNsense. There are three types of NAT in OPNsense, and I'm unsure which one to use: NAT 1:1, outbound NAT, or port forward NAT.

I need your help to understand what I'm doing wrong. On the Stormshield firewall, I created a virtual network, which is preceded by a physical network. On the OPNsense firewall, I didn't create a virtual network, but I added it in the IPsec Phase 2 configuration.

Can you guys give me an idea of the NAT and filtering configurations that I should add in OPNsense?

Here's what the VPN tunnel looks like:


| 192.168.2.0/24 | -------------- (Stormshield [virt: 10.100.100.0/24]) ====ipsec==== (Opnsense[virt: 10.200.200.0/24]) -------------- | 192.168.100.0/24 |


This is what I'm trying to test:

Ping from 192.168.100.0/24 to 10.100.100.0/24. I have created an object in the Stormshield network that is NATed to a physical IP address 192.168.2.201/24, but I don't know how to do the same thing in OPNsense for a physical machine!

Thank you for your time, guys!