Switch to VTI filtering and NAT (instead of enc0)

Started by hpsn, Today at 01:08:25 AM

Hi All,

pfSense has the following configuration option that allows the filtering to be done on the VTI and that also supports NAT on the VTI.

PFsense IPsec Filter Mode

Can someone please tell me what is the equivalent option in 25.7.x and the new VPN/IPsec implementation?

Many Thanks

Today at 09:02:31 AM #1 Last Edit: Today at 09:04:08 AM by Monviech (Cedrik)
OPNsense supports filtering and NAT for policy and routing based IPsec tunnels at the same time. So you can have both :D

It's described here:

https://github.com/opnsense/docs/pull/769/files

The gist of it is to do all filtering and NATing directly on the IPsec interface and not the subinterfaces, without changing any tunables.

The only thing that needs to be done is enabling that firewall rules are totally skipped for VTI interfaces.
Hardware:
DEC740