Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
Opnsense as a Gateway for IPSec Roadwarrior (NAT issue)
« previous
next »
Print
Pages: [
1
]
Author
Topic: Opnsense as a Gateway for IPSec Roadwarrior (NAT issue) (Read 20530 times)
schnipp
Sr. Member
Posts: 371
Karma: 19
Opnsense as a Gateway for IPSec Roadwarrior (NAT issue)
«
on:
August 20, 2018, 10:15:09 pm »
Today I have extended my Roadwarrior IPSec connection to use the Opnsense as a Gateway to the Internet. What I have done so far:
I added am additional phase2 entry for Internet routable destination addresses
I added an appropriate Firewall rule to route the incoming IPSec packets to the Internet
I was wondering that communication to the Internet did not work. Some investigation showed up that the IPSec interface is not covered by the automatic NAT rule creation, so the Firewall routed the packets to the Internet without replacing the private source address with the address of the WAN interface.
So I applied a corresponding NAT rule to adjust the packets for proper routing through the internet. But Internet access did not work either.
Some more investigation showed up that manually added and applied NAT rules only take effect after restarting the WAN connection.
So my question is whether this a bug or a correct behaviour. In the latter case, it would be a good idea to give the user a hint to reconnect after applying new NAT rules.
Logged
OPNsense 24.7.1-amd64
lambrusco
Newbie
Posts: 11
Karma: 0
Re: Opnsense as a Gateway for IPSec Roadwarrior (NAT issue)
«
Reply #1 on:
January 04, 2019, 08:11:53 pm »
Hi, could you please explain better the steps?
I added the NAT and I see that in the logs my local VPN is getting NATted but somehow the packet is not routed back to the IPSec interface and I cannot connect to external IPs.
Thanks
Logged
greY
Newbie
Posts: 40
Karma: 4
Re: Opnsense as a Gateway for IPSec Roadwarrior (NAT issue)
«
Reply #2 on:
January 08, 2019, 03:04:25 pm »
hmm I'm facing the same behavior with the IPSec...
Logged
schnipp
Sr. Member
Posts: 371
Karma: 19
Re: Opnsense as a Gateway for IPSec Roadwarrior (NAT issue)
«
Reply #3 on:
January 08, 2019, 06:45:01 pm »
@lambrusco:
If incoming VPN packets on the IPsec interface get NATed on the WAN interface, everything should be fine. How did you notice, that NATing works fine?
Could you you please post the following details:
IPSec network address range
NAT rule
Logged
OPNsense 24.7.1-amd64
alh
Full Member
Posts: 123
Karma: 6
Re: Opnsense as a Gateway for IPSec Roadwarrior (NAT issue)
«
Reply #4 on:
April 15, 2019, 01:52:32 am »
I changed my phase2 subnet to 0.0.0.0/0 and added a NAT rule on my WAN for all traffic coming from my IPsec subnet. Still iOS clients cannot access the Internet. Did anyone get this working?
Logged
schnipp
Sr. Member
Posts: 371
Karma: 19
Re: Opnsense as a Gateway for IPSec Roadwarrior (NAT issue)
«
Reply #5 on:
April 26, 2019, 07:03:37 pm »
Best way to start identifying the issue is do a packet dump of the IPSEC interface and review with wireshark.
Logged
OPNsense 24.7.1-amd64
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
Opnsense as a Gateway for IPSec Roadwarrior (NAT issue)