Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
IPSEC (NAT-T)
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPSEC (NAT-T) (Read 1385 times)
MoonbeamFrame
Newbie
Posts: 20
Karma: 1
IPSEC (NAT-T)
«
on:
November 27, 2020, 11:27:41 am »
For a policy-based IPSEC between 2 OPNsense 20.7.5 boxes I have NAT-T disabled.
In the logs I can see both sides sending data on UDP/4500 which, as expected, is block at the other end.
Are there other configuration settings which affect NAT-T outside of the phase 1 configuration?
Logged
mimugmail
Hero Member
Posts: 6113
Karma: 423
Re: IPSEC (NAT-T)
«
Reply #1 on:
November 27, 2020, 12:04:38 pm »
Maybe better check IPsec.logs
Logged
IRC: mimugmail
Twitter: mimu_muc
WWW:
www.routerperformance.net
Commercial Plugins (German):
https://opnsense.max-it.de/
MoonbeamFrame
Newbie
Posts: 20
Karma: 1
Re: IPSEC (NAT-T)
«
Reply #2 on:
November 27, 2020, 12:21:51 pm »
The logs show sending and receiving of UDP/4500
Logged
MoonbeamFrame
Newbie
Posts: 20
Karma: 1
Re: IPSEC (NAT-T)
«
Reply #3 on:
November 27, 2020, 12:28:27 pm »
OK I think I have it.
Using IKEv2. So NAT Traversal is always enabled.
But if NAT-T is disabled in the phase 1 proposal the inbound NAT-T is rejected (because the Automatically generated rule is not created).
«
Last Edit: November 27, 2020, 12:44:16 pm by MoonbeamFrame
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
IPSEC (NAT-T)
