Topics - jesperfr

1
19.7 Legacy Series / NAT before IPSEC tunnel, not working?
« on: August 15, 2019, 07:44:32 am »
Is this still a problem?

I need to NAT an address before sending it through an IPSEC tunnel, but I can't get it to work. According to packet capture it seems that NAT is done, but it's not being tunneled afterwards.

Rgds,
Jesper

2
19.1 Legacy Series / Nat not working
« on: July 19, 2019, 07:23:41 am »
Hi all,

I have an issue.

Firewall is running 19.1.4

On my firewall I have 3 interfaces:
VLAN10 (10.220.0.0/16) interface address 10.220.0.9
VLAN32 (10.222.0.0/16) interface address 10.222.8.4
WAN

I have a source address (10.220.2.75) coming from VLAN10, and I need it to be translated to an address on VLAN32 (10.222.10.251 or VLAN32 interface address) and run it through an IPSEC tunnel.

I can't get this to work. I have tried to do both one-to-one and outbound NAT.


In the attached picture:
- KACE (10.220.2.75)
- Salling_group (IP address that should be reached through IPSEC tunnel. I have also tried to have the WAN address, but still the same)
- VLAN_32_NAT_INTERFACE (VLAN32 interface address as an alias)


Any suggestions?

Thanks in advance

Rgds,
Jesper

3
General Discussion / IPSec tunnel not working with NAT
« on: September 06, 2018, 12:46:14 pm »
Hi all,

I'm trying to set up an IPSec tunnel towards a customer, but I can't get it to work. The tunnel comes up (both Phase1 and 2), but no traffic is being tunneled.

I have created an outbound NAT rule that hides all hosts on Vlan 32 (10.222.8.0/22) dest. 10.38.134.48/32 behind a public IP (xxx.xxx.51.239)

Local subnets: xxx.xxx.51.239/32
SPI(s): in : caa4e040, out : 581e3f33
Remote subnets: 10.38.134.48/32
State: INSTALLED Routed
Stats: Time : 590, Bytes in : 0, Bytes out : 0

It also says that route is installed, but I can't see the route under Routes --> status. I can see routes for the other IPSec tunnels running on this firewall, but not this one (this is the only tunnel where NAT is used)

If I try to do a ping from interface addr, on Vlan32, then I would expect that the "bytes out" counter will increase, but this is not the case. There is no traffic seen on the firewall in remote end.

The following versions are running on the firewall:
OPNsense 18.1.5-amd64
FreeBSD 11.1-RELEASE-p8
OpenSSL 1.0.2n 7 Dec 2017


Any idea what could be wrong?
