# This file is automatically generated. Do not edit
connections {
f4fc114c-2b90-4d48-be4a-7ffe139e61c5 {
proposals = aes256-sha256-ecp256
unique = replace
aggressive = no
version = 2
mobike = no
local_addrs = vpn.staticdnstest.net
remote_addrs = vpn.mine3.net
encap = yes
dpd_delay = 10
send_certreq = yes
send_cert = always
keyingtries = 0
local-1952c040-2c39-4763-820c-829b9a6304ed {
round = 0
auth = pubkey
certs = xxxxxxxxxxxxxx.crt
}
remote-f4f8cd49-443d-4c88-a71b-922d76de9ecf {
round = 0
auth = pubkey
certs = yyyyyyyyyyyyy.crt
}
children {
31a6653a-63c0-4c66-8b9b-5483d36d7b72 {
esp_proposals = aes256-sha256-ecp256
sha256_96 = no
start_action = none
close_action = none
dpd_action = clear
mode = tunnel
policies = yes
local_ts = 0.0.0.0/0
remote_ts = 0.0.0.0/0
rekey_time = 1800
updown = /usr/local/opnsense/scripts/ipsec/updown_event.py --connection_child 31a6653a-63c0-4c66-8b9b-5483d36d7b72
}
}
}
5af76a2v-2988-4186-9a25-fc4d1a57a173 {
proposals = aes256-sha256-ecp256
unique = replace
aggressive = no
version = 2
mobike = no
local_addrs = vpn.staticdnstest.net
remote_addrs = vpn.mine2.net
encap = yes
dpd_delay = 10
send_certreq = yes
send_cert = always
keyingtries = 0
local-2d1149ab-c11f-45d2-8d10-5d75e20222dc {
round = 0
auth = pubkey
certs = xxxxxxxxxxxxxx.crt
}
remote-51e086dc-fc53-48c9-92b2-089f0bd00e38 {
round = 0
auth = pubkey
}
children {
3c668bc7-46c2-443a-8980-e48c215d465e {
esp_proposals = aes256-sha256-ecp256
sha256_96 = no
start_action = none
close_action = none
dpd_action = clear
mode = tunnel
policies = yes
local_ts = 0.0.0.0/0
remote_ts = 0.0.0.0/0
rekey_time = 1800
updown = /usr/local/opnsense/scripts/ipsec/updown_event.py --connection_child 3c668bc7-46c2-443a-8980-e48c215d465e
}
}
}
}
pools {
ipsec-test-pool {
addrs = ::0/0
dns = 10.10.35.1
}
}
# Include config snippets
include conf.d/*.conf
QuoteServers SHOULD be listed in order of preference
Quote from: Seimus on July 02, 2026, 07:07:24 PMShow your rules.
Description = "NAT for NordVPN"
Interface = NORDVPN1 / NORDVPN2
Version = IPv4
Protocol = any
Source Address = NORDVPN_CLIENTS
Translate Source IP = leave emptyName = NORDVPN_GW1
Interface = NORDVPN1
Address Family = IPv4
IP Address = 10.5.0.1
Far Gateway = checked
Failover States = checked
Disable Gateway Monitoring = unchecked
Monitor IP = 103.86.96.100
Description = IPv4 Gateway for NordVPN
Name = NORDVPN_GW2
Interface = NORDVPN2
Address Family = IPv4
IP Address = 103.86.99.100
Far Gateway = checked
Disable Gateway Monitoring = unchecked
Monitor IP = 103.86.99.100
Description = IPv4 Gateway for NordVPN
Description = Force gateway for NordVPN clients
Interface = any
Quick = checked
Action = Pass
Direction = In
Version = IPv4
Protocol = any
Invert Source = unchecked
Source = NORDVPN_CLIENTS
Source Port = any
Invert Destination = checked
Destination = RFC1918
Destination Port = any
Gateway = NORDVPN_FAILOVER
Starting web GUI...done.
Fetching base-26.1.11-amd64.txz: ................................................................................. done
Fetching kernel-26.1.11-amd64.txz: ............................ done
!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!
! A critical upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Installing kernel-26.1.11-amd64.txz... done
Description = "NAT for NordVPN"
Interface = NORDVPN1 / NORDVPN2
Version = IPv4
Protocol = any
Source Addres = VPN_CLIENTS
Translate Source IP = leave emptyName = NORDVPN_GW1
Interface = NORDVPN1
Address Family = IPv4
IP Address = 10.5.0.1
Far Gateway = checked
Disable Gateway Monitoring = unchecked
Monitor IP = 103.86.96.100
Description = IPv4 Gateway for NordVPN
Name = NORDVPN_GW2
Interface = NORDVPN2
Address Family = IPv4
IP Address = 103.86.99.100 [i](Note: This is not an error, but a trick!)[/i]
Far Gateway = checked
Disable Gateway Monitoring = unchecked
Monitor IP = 103.86.99.100
Description = IPv4 Gateway for NordVPN
Leave everything else on default.Description = Force gateway for NordVPN clients
Interface = any
Quick = checked
Action = Pass
Direction = In
Version = IPv4
Protocol = any
Invert Source = unchecked
Source = NORDVPN_CLIENTS
Source Port = any
Invert Destination = checked
Destination = RFC1918
Destination Port = any
Gateway = NORDVPN_FAILOVER
Quote from: chemlud on Today at 03:22:27 PMHave you tried spoofing the Cisco WAN MAC to your sense WAN?