OPNsense Forum » English Forums » General Discussion
Topic: IPSec in Routed mode with BiNAT, traffic but no replies? (Read 1203 times)
nellson
Newbie
Posts: 6
Karma: 0
IPSec in Routed mode with BiNAT, traffic but no replies?
« on: September 01, 2021, 12:01:45 am »
I have built a routed VTI IPsec tunnel to a Cisco router at work. I am using BiNAT to make my 10.0.0.0/25 network look like 10.0.10.0/25 over the tunnel. I am using 10.0.10.252/30 for the tunnel: .254 is my OPNsense end, .253 is my Cisco VTI Tunnel10. The tunnel on the Cisco can ping the tunnel IP on the OPNsense. The loopback on the Cisco, 10.45.253.1, can ping the 10.0.10.254 of the OPNsense. BUT when my Linux box at 10.0.0.24, NATted to 10.0.10.24, tries to ping the loopback of the router at 10.45.253.1 (and a ping from the router's loopback to 10.0.10.24 at the same time), neither gets a reply. YET both unidirectional traffic flows show in the Packet Capture on my tunnel interface on the OPNsense. I am lost as to how this happens. (See picture attached.)
My tunnel interface has two ANY - ANY IPv4 rules, for in and out. And I see Encaps and Decaps aplenty in my Cisco and my OPNsense IPsec stats...
Logged
nellson
Newbie
Posts: 6
Karma: 0
Re: IPSec in Routed mode with BiNAT, traffic but no replies?
« Reply #1 on: September 01, 2021, 05:25:18 am »
Hrmm... It appears that the tunnel was receiving traffic from work to my 10.0.10.0/25 network in my BiNAT and sending it BACK down the tunnel via the 10.0.0.0/8 route. I would have expected the more specific route to win out, or how would this BiNAT for space used on both sides even work? I limited my SDR to a smaller 10.45.0.0/16 used in my datacenter and things started to work to that range. So I think something did not get automatically installed for the BiNAT so it could catch this traffic?
Logged
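The hairpin described in Reply #1 can be modelled with a plain longest-prefix-match lookup over the thread's addresses. This is an added illustration, not OPNsense's or the poster's code; the interface names, the route list and the offset-based reverse BiNAT mapping are assumptions constructed from the two posts.

```python
import ipaddress

# Constructed from the thread: the real LAN 10.0.0.0/25 is presented to the
# tunnel peer as 10.0.10.0/25 via BiNAT (1:1, same host offset).
LAN_REAL = ipaddress.ip_network("10.0.0.0/25")
LAN_NAT = ipaddress.ip_network("10.0.10.0/25")

def binat_inbound(dst: str) -> str:
    """Reverse BiNAT for a packet arriving from the tunnel: 10.0.10.x -> 10.0.0.x."""
    addr = ipaddress.ip_address(dst)
    if addr in LAN_NAT:
        offset = int(addr) - int(LAN_NAT.network_address)
        return str(LAN_REAL.network_address + offset)
    return dst  # not a BiNAT address, leave it untouched

def lookup(routes, dst: str) -> str:
    """Longest-prefix match over (prefix, interface) pairs."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else "unreachable"

# Assumed routing table with the wide 10.0.0.0/8 remote selector from the first post.
ROUTES_WIDE = [
    ("10.0.0.0/25", "lan"),           # real LAN
    ("10.0.10.252/30", "ipsec_vti"),  # tunnel transit /30
    ("10.0.0.0/8", "ipsec_vti"),      # remote side, before it was narrowed
    ("0.0.0.0/0", "wan"),
]
# Same table after the poster narrowed the remote side to 10.45.0.0/16.
ROUTES_NARROW = [
    ("10.0.0.0/25", "lan"),
    ("10.0.10.252/30", "ipsec_vti"),
    ("10.45.0.0/16", "ipsec_vti"),
    ("0.0.0.0/0", "wan"),
]

def forward(routes, dst: str, translate_first: bool) -> str:
    """Egress interface for a tunnel-originated packet to dst, with or without
    the reverse BiNAT applied before the route lookup."""
    real_dst = binat_inbound(dst) if translate_first else dst
    return lookup(routes, real_dst)

if __name__ == "__main__":
    # Cisco loopback pinging the translated host 10.0.10.24
    print(forward(ROUTES_WIDE, "10.0.10.24", translate_first=False))    # ipsec_vti (hairpin)
    print(forward(ROUTES_WIDE, "10.0.10.24", translate_first=True))     # lan
    print(forward(ROUTES_NARROW, "10.0.10.24", translate_first=False))  # wan (no hairpin)
```

With the /8 selector, 10.0.10.24 only matches the tunnel route unless the NAT rewrite to 10.0.0.24 happens first; narrowing the remote prefix removes the hairpin in this model, which matches what the poster observed.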