IPsec tunnel with public IPs in phase 2
« on: October 24, 2024, 11:48:03 am »
Hello everyone,
I am currently experimenting with OPNsense and have the following setup:
Local static IP: 97.228.212.23
Remote static IP: 91.36.170.12
SA (Phase 2):
Local subnet: 72.257.145.168/29
Remote subnet: 117.8.130.224/27
The tunnel itself sets up cleanly - so everything is fine so far.
Goal:
I would like to set NAT so that the following connections work:
172.17.54.124 <-> 72.257.145.169
172.17.54.125 <-> 72.257.145.170
Current situation:
I currently have a one-to-one NAT configured.
I can see in the log that the ping from 172.17.54.124 actually goes into the IPsec tunnel, for example.
However, the bytes out remain at 0, as if nothing is going out.
Incoming packets come in, but somehow end up on the WAN port instead of being processed correctly in the tunnel.
Code:
809_WAN 2024-10-23T15:26:16 117.8.130.226:55060 72.257.145.169:3300 tcp let out anything from firewall host itself
IPsec 2024-10-23T15:26:16 117.8.130.226:55060 72.257.145.169:3300 tcp Zugriff Cloud auf Systeme
809_WAN 2024-10-23T15:26:00 117.8.130.226:56495 72.257.145.169:3300 tcp let out anything from firewall host itself
IPsec 2024-10-23T15:26:00 117.8.130.226:56495 72.257.145.169:3300 tcp Zugriff Cloud auf Systeme
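Added example (not code from the original post, and not OPNsense's own tooling): a small script that encodes the post's phase-2 selectors and 1:1 mapping and runs two checks a practitioner would want before touching the NAT rules. First, every translated address must lie inside the phase-2 local subnet, otherwise no security policy can match the translated packet. Second, it scans log lines in the column layout of the excerpt above (interface, timestamp, src:port, dst:port, proto, rule label) and flags selector-matching traffic that is logged on the WAN interface instead of the IPsec interface, which is the symptom the post describes. Assumptions: the interface names 809_WAN and IPsec are taken from the excerpt; the local subnet 72.257.145.168/29 in the post contains an out-of-range octet (presumably anonymised), so 203.0.113.168/29 (TEST-NET-3) stands in for it, and the sample log lines are constructed accordingly.

```python
"""Sanity checks for 1:1 NAT in front of a policy-based IPsec tunnel.

Added example, not part of the original forum post. The phase-2 remote
subnet, the internal hosts, the interface names and the log column layout
come from the post; the phase-2 local subnet is substituted because the
post's 72.257.145.168/29 has an out-of-range octet (assumption: anonymised).
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

# Phase-2 traffic selectors (remote /27 from the post; local /29 substituted).
P2_LOCAL: IPv4Network = ip_network("203.0.113.168/29")
P2_REMOTE: IPv4Network = ip_network("117.8.130.224/27")

# 1:1 NAT: internal host -> address presented inside the tunnel.
BINAT = {
    ip_address("172.17.54.124"): ip_address("203.0.113.169"),
    ip_address("172.17.54.125"): ip_address("203.0.113.170"),
}
BINAT_REVERSE = {pub: priv for priv, pub in BINAT.items()}

# Interface names as they appear in the post's log excerpt.
WAN_IFACES = {"809_WAN"}
IPSEC_IFACES = {"IPsec"}


@dataclass(frozen=True)
class LogEntry:
    iface: str
    timestamp: str
    src: IPv4Address
    sport: int
    dst: IPv4Address
    dport: int
    proto: str
    label: str


def parse_line(line: str) -> LogEntry:
    """Parse one line: iface timestamp src:port dst:port proto rule-label..."""
    iface, ts, src, dst, proto, *label = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return LogEntry(iface, ts, ip_address(src_ip), int(src_port),
                    ip_address(dst_ip), int(dst_port), proto, " ".join(label))


def binat_outside_selector(binat: dict, p2_local: IPv4Network) -> list:
    """Translated addresses NOT covered by the phase-2 local subnet (should be empty)."""
    return sorted(str(pub) for pub in binat.values()
                  if ip_address(str(pub)) not in p2_local)


def matches_selector(e: LogEntry) -> bool:
    """True if the inner addresses fall within the phase-2 selectors, either direction."""
    return ((e.src in P2_REMOTE and e.dst in P2_LOCAL)
            or (e.src in P2_LOCAL and e.dst in P2_REMOTE))


def classify(e: LogEntry) -> str:
    """'tunnel' : selector traffic on the IPsec interface (expected)
       'wan-out': selector traffic with inner addresses logged on WAN, i.e. the
                  packet left the IPsec path (the post's symptom)
       'other'  : not tunnel traffic at all"""
    if not matches_selector(e):
        return "other"
    if e.iface in IPSEC_IFACES:
        return "tunnel"
    if e.iface in WAN_IFACES:
        return "wan-out"
    return "other"


def internal_target(e: LogEntry):
    """For inbound tunnel traffic: the internal host the 1:1 NAT should deliver to."""
    return BINAT_REVERSE.get(e.dst)


def audit(lines) -> dict:
    """Group log lines by classification: {'tunnel': [...], 'wan-out': [...], 'other': [...]}."""
    report = {"tunnel": [], "wan-out": [], "other": []}
    for line in lines:
        if line.strip():
            e = parse_line(line)
            report[classify(e)].append(e)
    return report


# Constructed log lines mirroring the post's excerpt (local subnet substituted).
SAMPLE_LOG = """
809_WAN 2024-10-23T15:26:16 117.8.130.226:55060 203.0.113.169:3300 tcp let out anything from firewall host itself
IPsec 2024-10-23T15:26:16 117.8.130.226:55060 203.0.113.169:3300 tcp Zugriff Cloud auf Systeme
809_WAN 2024-10-23T15:26:00 117.8.130.226:56495 203.0.113.169:3300 tcp let out anything from firewall host itself
IPsec 2024-10-23T15:26:00 117.8.130.226:56495 203.0.113.169:3300 tcp Zugriff Cloud auf Systeme
""".strip().splitlines()

if __name__ == "__main__":
    print("1:1 addresses outside phase-2 local subnet:",
          binat_outside_selector(BINAT, P2_LOCAL) or "none")
    for kind, entries in audit(SAMPLE_LOG).items():
        for e in entries:
            print(f"{kind:8s} {e.iface:8s} {e.src}:{e.sport} -> {e.dst}:{e.dport} "
                  f"(1:1 target {internal_target(e)})")
```

Every inbound packet in the excerpt is classified twice, once as "tunnel" and once as "wan-out", which is exactly the pattern to look for: the decrypted packet is accepted on the IPsec interface and then forwarded out of the WAN rule set with its inner addresses intact rather than being handed to the 1:1 mapping. If `binat_outside_selector` ever returns a non-empty list, fix the mapping first, since a translated address outside the phase-2 local subnet cannot match any security policy regardless of the firewall rules.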