Topic: IPsec Site to Site VPN with One Site Behind NAT (Read 2060 times)
ntkevinshao
IPsec Site to Site VPN with One Site Behind NAT
« on: August 15, 2022, 10:07:58 am »
My Lab Config:

Site 1 Local OPNsense #1:
- LAN IP: 192.168.1.1/24
- WAN IP: 100.1.1.1/24

Site 2 Remote Site Firewall (NAT):
- WAN IP: 100.1.1.2/24
- config port forward on WAN to forward AH, ESP and TCP/UDP 500/4500 to 192.168.3.22
- LAN IP (connected to OPNsense #2): 192.168.3.21/24

Site 2 Remote Site OPNsense #2 for IPsec Site to Site VPN:
- WAN IP (connected to Firewall): 192.168.3.22/24
- LAN IP: 192.168.2.22/24

But I could not get the IPsec site-to-site VPN to work for Site 1 192.168.1.0/24 to connect to Site 2 192.168.2.0/24.

What should I use in Site 1 OPNsense and Site 2 OPNsense Phase 1:
My identifier = My IP address?
Peer identifier = Peer IP address?

NAT Traversal is enabled.
VPN: IPsec: Security Policy Database can see two sessions installed.
VPN: IPsec: Security Association Database is empty.

ntkevinshao
Re: IPsec Site to Site VPN with One Site Behind NAT
« Reply #1 on: August 15, 2022, 12:23:34 pm »
I know where the problem is:
Site 2 Remote Site OPNsense #2
My Identifier should use IP address 100.1.1.2, which is the outbound public address after NAT
I should use 192.168.3.22
« Last Edit: August 15, 2022, 04:46:15 pm by ntkevinshao »
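
Added example (not part of the original posts and not OPNsense code): a small Python check of the Phase 1 identifier pairing for the lab addresses in this thread. It assumes that "My IP address" resolves to the gateway's own WAN interface address and "Peer IP address" to the configured remote gateway; the `Gateway` class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Gateway:
    name: str
    wan_ip: str                    # address on the gateway's own WAN interface
    remote_gateway: str            # peer address this side is configured to reach
    my_id: Optional[str] = None    # None models "My identifier = My IP address"
    peer_id: Optional[str] = None  # None models "Peer identifier = Peer IP address"


def sent_id(gw: Gateway) -> str:
    # The identifier travels inside the IKE payload, so a NAT device on the
    # path rewrites the packet's source address but not this value.
    return gw.my_id or gw.wan_ip


def expected_id(gw: Gateway) -> str:
    # Assumption: with no explicit peer identifier, the remote gateway
    # address is what this side expects the peer to present.
    return gw.peer_id or gw.remote_gateway


def id_mismatches(a: Gateway, b: Gateway) -> List[str]:
    """Return one message per direction in which the presented ID is not the expected one."""
    problems = []
    for src, dst in ((a, b), (b, a)):
        if sent_id(src) != expected_id(dst):
            problems.append(
                f"{src.name} sends ID {sent_id(src)}, {dst.name} expects {expected_id(dst)}"
            )
    return problems


# Lab addresses from the thread: Site 2 sits behind a NAT firewall at 100.1.1.2.
SITE1 = Gateway("Site 1", wan_ip="100.1.1.1", remote_gateway="100.1.1.2")
SITE2 = Gateway("Site 2", wan_ip="192.168.3.22", remote_gateway="100.1.1.1")

if __name__ == "__main__":
    for line in id_mismatches(SITE1, SITE2) or ["identifiers match"]:
        print(line)
```

With both identifiers left at their IP-address defaults the check reports the Site 2 direction; setting an explicit identifier on either side so that the two values agree clears it.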