1:1 BINAT/NAT IPSEC

Started by hancke, March 08, 2019, 09:33:05 PM

I'm having issues getting 1:1 NAT to work consistently in use with an IPSEC tunnel.  The NAT'd IP will not trigger the IPSEC but I can ping through the tunnel if I start it manually under Status Overview.

I'd rather look at why the VPN is not always on?

March 10, 2019, 04:25:50 PM #2 Last Edit: March 10, 2019, 04:49:12 PM by hancke
My guess is the 1:1 NAT is not working correctly and interesting traffic never hits the tunnel to bring it up.

Add: My translated NAT IP is an IP within the WAN subnet. Not sure if that matters.

Deleted the IPSEC and 1:1 NAT entries and started over.  I can get the tunnel up with one of two phase 2 entries but not both.  It appears that PAT is not working on 1:1 NAT.

I can make this same config work on a SonicWall or pfSense. Seems OPNsense does NAT on IPSEC a little differently.