IPSEC (NAT-T)

Started by MoonbeamFrame, November 27, 2020, 11:27:41 AM


For a policy-based IPSEC between 2 OPNsense 20.7.5 boxes I have NAT-T disabled.

In the logs I can see both sides sending data on UDP/4500 which, as expected, is blocked at the other end.

Are there other configuration settings which affect NAT-T outside of the phase 1 configuration?



The logs show sending and receiving of UDP/4500

November 27, 2020, 12:28:27 PM #3 Last Edit: November 27, 2020, 12:44:16 PM by MoonbeamFrame
OK, I think I have it.

Using IKEv2. So NAT Traversal is always enabled.

But if NAT-T is disabled in the phase 1 proposal, the inbound NAT-T is rejected (because the automatically generated rule is not created).