Topic: IPSEC and 1:1 NAT - how? (Read 1078 times)
skiker (Newbie, Posts: 1, Karma: 0)
on: June 01, 2022, 06:21:31 pm
I got a running IPSec IKEv2 tunnel with a partner.
The Phase 2 network settings are like this:
Local Subnet 10.10.1.0/24
Remote Subnet 10.20.15.20/32
I added my local LAN as manual SPD entry: 192.168.128.0/24
I see the SPDs generated correctly.
Now I need to establish a 1:1 NAT to map traffic from my 192.168.128.0/24 network to translate to 10.10.1.0/24 for using the IPSec tunnel to get to the server located at 10.20.15.20/32.
I created a 1:1 NAT (not BINAT) rule with
Interface IPSec
External Network: 10.20.15.20/32
Source: 192.168.128.0/24
Destination: 10.10.1.0/24
When I traceroute the target IP 10.20.15.20 on OPNsense it always goes through the default gateway.
What am I doing wrong?
Thanks in advance!
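A simplified model of the packet path described in the post above, as an added example that is not part of the original thread and is not OPNsense code. It assumes policy-based IPsec where the policy lookup sees the pre-NAT source (via the manual SPD entry) and the 1:1 NAT keeps the host bits; the function names, the 203.0.113.10 WAN-side address and the 10.10.2.0/24 network used in the checks are constructed for illustration.

```python
import ipaddress as ip

# Values taken from the post above
LAN = ip.ip_network("192.168.128.0/24")      # manual SPD entry (pre-NAT source)
P2_LOCAL = ip.ip_network("10.10.1.0/24")     # Phase 2 local subnet
P2_REMOTE = ip.ip_network("10.20.15.20/32")  # Phase 2 remote subnet

def one_to_one(src, inside=LAN, external=P2_LOCAL):
    """1:1 NAT: replace the network prefix, keep the host bits."""
    src = ip.ip_address(src)
    if src not in inside:
        return src  # rule does not apply, address is left alone
    if inside.prefixlen != external.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths")
    host_bits = int(src) & int(inside.hostmask)
    return ip.ip_address(int(external.network_address) | host_bits)

def evaluate(src, dst, external=P2_LOCAL):
    """Return (verdict, source address the packet leaves with)."""
    src_a, dst_a = ip.ip_address(src), ip.ip_address(dst)
    # Policy lookup: destination must be the remote selector, and the source
    # must be in the Phase 2 local subnet or the manual SPD network.
    if dst_a not in P2_REMOTE:
        return ("default-route", str(src_a))
    if src_a not in P2_LOCAL and src_a not in LAN:
        return ("default-route", str(src_a))
    nat_src = one_to_one(src_a, external=external)
    # After translation the source has to fall inside the negotiated selector.
    if nat_src not in P2_LOCAL:
        return ("no-matching-sa", str(nat_src))
    return ("tunnel", str(nat_src))

if __name__ == "__main__":
    # Constructed sample packets: a LAN host, a WAN-side source, a native 10.10.1.x host
    for s in ("192.168.128.57", "203.0.113.10", "10.10.1.9"):
        print(s, "->", evaluate(s, "10.20.15.20"))
```

In this model a packet sourced from an address outside 192.168.128.0/24 and 10.10.1.0/24 never matches a policy, so it follows the routing table instead of the tunnel.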
NoncarbonatedClack (Newbie, Posts: 10, Karma: 0)
Re: IPSEC and 1:1 NAT - how?
Reply #1 on: June 08, 2022, 05:21:26 am
I believe that should be the case, no? NAT isn't my strong suit so I could be mistaken, but I don't think so in this case.
You still have to go through the default gateway for the firewall to know where to route traffic, which should be before packets hit NAT.
Does the trace to 10.20.15.20 succeed?
Last Edit: June 08, 2022, 03:31:57 pm by NoncarbonatedClack
Current
NUC 11 Pro NUC11TNHi50L
i5-1135G7
32 GB DDR4 3200 MHz CL16
1 TB Samsung 970 Evo Plus
2x i225-LM NICs
Running as a VM with 2 vCPU, 2 GB RAM, and on ESXi v8.0
Retired:
HP ML310e G8 v2
Xeon E3-1220 V2
16 GB DDR3 ECC
Intel i350-T4