Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Watchguard D-NAT IPSec VPN to OPNSense
« previous
next »
Print
Pages: [
1
]
Author
Topic: Watchguard D-NAT IPSec VPN to OPNSense (Read 376 times)
Celay
Newbie
Posts: 1
Karma: 0
Watchguard D-NAT IPSec VPN to OPNSense
«
on:
June 17, 2024, 04:02:42 pm »
Hello, I am trying to setup a IPSec VPN for one of our service providers, the provider needs a D-NAT as there are already other tunnels using my local network (192.168.1.1/24), Iam not exactly sure what needs to be configured, this is the current setup:
Watchguard Phase 2 Configuration, each entry is a own Phase2 Entry:
Local 192.168.251.1 - Remote 192.168.254.128
Local 192.168.251.1 - Remote 192.168.254.129
Local 192.168.251.1 - Remote 192.168.254.130
Local 192.168.251.1 - Remote 192.168.254.131
OPNSense Phase 2 Configuration, each entry is a own Phase2 Entry:
Local 192.168.254.128 - Remote 192.168.251.1/24
Local 192.168.254.129 - Remote 192.168.251.1/24
Local 192.168.254.130 - Remote 192.168.251.1/24
Local 192.168.254.131 - Remote 192.168.251.1/24
I created a port forward for all the addresses:
192.168.254.128 - 192.168.1.128
192.168.254.129 - 192.168.1.129
192.168.254.130 - 192.168.1.130
192.168.254.131 - 192.168.1.131
But we get the following error:
2024-06-17T15:55:28 Informational charon 12[IKE] <con3|5> failed to establish CHILD_SA, keeping IKE_SA
2024-06-17T15:55:28 Informational charon 12[IKE] <con3|5> received TS_UNACCEPTABLE notify, no CHILD_SA built
2024-06-17T15:55:28 Informational charon 12[ENC] <con3|5> parsed CREATE_CHILD_SA response 2 [ N(TS_UNACCEPT) ]
I am not exactly sure if that is a Phase 2 error or some firewall/nat problem, does someone have an idea?
Thanks in advance
Celay
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Watchguard D-NAT IPSec VPN to OPNSense