OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • IPsec with non-existing local subnet
« previous next »
  • Print
Pages: [1]

Author Topic: IPsec with non-existing local subnet  (Read 540 times)

ooswald

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
IPsec with non-existing local subnet
« on: January 09, 2023, 12:41:40 pm »
What is the general approach when a remote IPsec site expects our traffic to originate from a subnet which does not exist on our side?

I've established an IPsec tunnel to the remote site (10.100.0.0/16). The local subnet is configured as 10.100.8.96/28 (which is from where they expect our traffic). Tunnel is up:

Code: [Select]
        con2[188]: ESTABLISHED 4 hours ago, *.*.*.*...*.*.*.*
        con2{554}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: *** ***
        con2{554}:   10.100.8.96/28 === 10.100.0.0/16
I added an outbound NAT with translation target set to 10.100.8.97.

Is this enough or do I need to configure anything else, such as a VIP?
« Last Edit: January 09, 2023, 04:27:49 pm by ooswald »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • IPsec with non-existing local subnet
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2