Author Topic: IPSEC (NAT-T)  (Read 2173 times)

MoonbeamFrame

IPSEC (NAT-T)
« on: November 27, 2020, 11:27:41 am »

For a policy-based IPSEC between 2 OPNsense 20.7.5 boxes I have NAT-T disabled.

In the logs I can see both sides sending data on UDP/4500 which, as expected, is blocked at the other end.

Are there other configuration settings which affect NAT-T outside of the phase 1 configuration?


mimugmail

Re: IPSEC (NAT-T)
« Reply #1 on: November 27, 2020, 12:04:38 pm »
Maybe better check IPsec.logs
Twitter: mimu_muc
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

MoonbeamFrame

Re: IPSEC (NAT-T)
« Reply #2 on: November 27, 2020, 12:21:51 pm »
The logs show sending and receiving of UDP/4500

MoonbeamFrame

Re: IPSEC (NAT-T)
« Reply #3 on: November 27, 2020, 12:28:27 pm »
OK I think I have it.

Using IKEv2. So NAT Traversal is always enabled.

But if NAT-T is disabled in the phase 1 proposal, the inbound NAT-T is rejected (because the automatically generated rule is not created).

« Last Edit: November 27, 2020, 12:44:16 pm by MoonbeamFrame »