Messages - sanni2005

#1
Based on your previous post:

Anyway, you can do this with a legacy tunnel IPSec p2 and a NAT One-to-one rule.

Configure a p2 with 192.168.136.103/32 as local network.

Then add a NAT One-to-one rule:
Interface: IPSec
Type: NAT
External network: 192.168.136.103/32
Source: your local network
Destination: remote network

So for me I think it's just the firewall rules, right?

Thanks
#2
IPsec phase IP 207.219.39.1 with a VPN gateway of 142.127.82.151; source NAT IP 192.168.1036.210/32 is the local subnet when building the tunnel, and the source NAT remote network IP is 10.21.0.0/16. Local LAN IP is 192.168.2.0.

Traffic from your local network (192.168.2.0/24) and the source NAT IP (192.168.136.210/32) destined for the remote network (10.21.0.0/16) is routed through the IPsec tunnel established with the remote gateway (142.127.82.151).


When you say IPsec settings:
phase 1 ike properties
ip address 207.219.39.1
key exchange 256bit aes
data - sha-384
dh-group - group20(384-bit ecp)

phase2
256 bit aes
data - sha-384
perfect forward secrecy: enabled
dh-group -group20(384-bit ecp)

#3
I thought you'd see the numbers from my samples; sorry I was not clearer.

local lan 192.168.2.0/24
phase 1 ipsec ike properties ip address 207.219.39.1
phase 2 remote networks 10.21.0.0/16
source nat ip 192.168.136.210/32
remote vpn gateway 142.127.82.151

Do you need my public IP?
And earlier I mentioned VPN; simply put, we are going to use this from the local LAN and through a VPN.

Thanks again, I appreciate your help.



#4
Sorry for the long delay in replying.

Could you please look this over and let me know if you see any issues or wrong setup details?

IPsec details

Phase 1 Configuration:
    Remote Gateway: 207.219.39.1 (Your local gateway).
    Authentication Method: pre-shared key
    My Identifier: 142.127.82.151
    Peer Identifier: 207.219.39.1

Phase 2 Configuration:
    Local Network: 10.21.0.0/16 (remote network behind the gateway).
    Remote Network: 192.168.136.210/32 and 192.168.2.0/24 (local subnet + NAT IP for the tunnel).

NAT Configuration:

Navigate to Firewall → NAT → Outbound.
Set to Hybrid Mode.

Add two outbound NAT rules:
    Rule 1:
        Interface: WAN
        Source: 10.21.0.0/16
        Destination: 192.168.2.0/24
        Translation/Target: None (disable NAT for this traffic).
    Rule 2:
        Interface: WAN
        Source: 10.21.0.0/16
        Destination: 192.168.136.210/32
        Translation/Target: None.



Firewall → Rules → IPsec.

    Action: Pass
    Source: 192.168.136.210/32
    Destination: 10.21.0.0/16

    Action: Pass
    Source: 192.168.2.0/24 (LAN)
    Destination: 10.21.0.0/16 (remote)

   
Firewall → Rules → WAN.

    Action: Pass
    Interface: WAN
    Protocol: UDP
    Source: Any (or restrict to the remote gateway)
    Destination: WAN Address (the public IP)
    Destination Ports:
        500 (UDP): For IKE (IPsec negotiation).
        4500 (UDP): For NAT-T (NAT traversal, if applicable).
    Description: Allow IPsec traffic.

(Optional) ESP Protocol Rule:

    Protocol: ESP
    Source: Any (or restrict to 142.127.82.151).
    Destination: WAN Address.
    Description: Allow ESP traffic.

Firewall → Rules → LAN.

    Action: Pass
    Interface: LAN
    Protocol: Any
    Source: 192.168.2.0/24 (your local LAN network).
    Destination: 10.21.0.0/16 (the remote network).
    Description: Allow LAN to IPsec traffic.
   
For my OpenVPN access:

Firewall → Rules → OpenVPN.

    Action: Pass
    Source: OpenVPN subnet (192.168.10.0/24).
    Destination: 10.21.0.0/16.

 
I had it all routing to the wrong IP, so I stopped, did a bunch more research and rule reading, and looked at pfSense and what you said,
and that's what I think I need.

Thanks in advance for any help.
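An added example, not from the thread: a small Python model of the packet walk the reply quoted in post #1 describes, using the addresses from the thread. It assumes the one-to-one NAT rule on the IPsec interface rewrites the source address before the phase 2 selector is evaluated, and shows why the phase 2 local network must be the NAT address rather than the LAN.

```python
# Added example (not from the forum posts): models an OPNsense one-to-one NAT
# rule on the IPsec interface being applied before the phase 2 selector match.
# Rule shape (interface/type/external/source/destination) follows the reply
# quoted in post #1; the packet walk itself is a simplification of my own.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Address, IPv4Network
from typing import Tuple

LAN = ip_network("192.168.2.0/24")          # local LAN from the thread
NAT_IP = ip_network("192.168.136.210/32")   # source NAT address the remote side expects
REMOTE = ip_network("10.21.0.0/16")         # network behind the remote gateway


@dataclass(frozen=True)
class OneToOneNat:
    # Firewall -> NAT -> One-to-One, Interface: IPsec, Type: NAT
    external: IPv4Network
    source: IPv4Network
    destination: IPv4Network

    def translate(self, src: IPv4Address, dst: IPv4Address) -> IPv4Address:
        """Return the source address seen inside the tunnel (unchanged if no match)."""
        if src in self.source and dst in self.destination:
            # Type NAT with a /32 external: every LAN host maps to that one address.
            return self.external.network_address
        return src


@dataclass(frozen=True)
class Phase2:
    local: IPv4Network    # "Local Network" of the phase 2 entry
    remote: IPv4Network   # "Remote Network" of the phase 2 entry

    def selects(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.local and dst in self.remote


def check_flow(src: str, dst: str, nat: OneToOneNat, p2: Phase2) -> Tuple[str, bool]:
    """Apply NAT, then test the phase 2 selector; returns (wire src, matched)."""
    wire_src = nat.translate(ip_address(src), ip_address(dst))
    return str(wire_src), p2.selects(wire_src, ip_address(dst))


if __name__ == "__main__":
    nat = OneToOneNat(NAT_IP, LAN, REMOTE)
    good = Phase2(local=NAT_IP, remote=REMOTE)   # local network = NAT address
    bad = Phase2(local=LAN, remote=REMOTE)       # local network left as the LAN
    for p2 in (good, bad):
        print(p2.local, check_flow("192.168.2.50", "10.21.6.7", nat, p2))
```

The same model shows why the remote gateway's phase 2 "Remote Network" only ever sees 192.168.136.210/32: the LAN addresses never appear inside the tunnel.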
#5
Do you mean the IPsec traffic on the LAN?

The internet works, we can even VPN in, but when we open the IP in a web browser, in pfSense it will see the instance (say a server, as an example); in OPNsense, even with everything added, surfing works but there is no access to the server, so I'm not sure what I'm missing.

I understand you only have some info, not all, but anything you can think to check or change, I'm working to figure this out. Thanks in advance.

#6
No rules in Rules → IPsec, nothing.

It reads "no rules are defined, all incoming blocked"...

Do you have any suggestions or advice?
Thanks in advance.
#7
In the P2, do I need the remote?
I have the info: local as the 192.
10.21.0.0 as remote?

I added the IPsec NAT you mentioned but can't reach 10.21.6.#, which I'm supposed to be able to.

Do I need firewall rules, open 500, 4500, ESP, etc.? I thought I read that in a forum somewhere.

#8
Moving from pfSense to OPNsense, looking for where to put local network / NAT / BINAT / remote (see screenshot)
in OPNsense.

I think in NAT, but I'm confused as to why or what is missing to make it work.

Thanks in advance.
#9
Anyone figure this out or provide a link to an answer? I'm lost as well.