Topic: IPSec with NAT not working (Read 3544 times)
aniwon (Newbie, Posts: 3, Karma: 0)
IPSec with NAT not working
« on: June 19, 2017, 05:40:13 pm »
Hi,
We've migrated successfully from a SonicWall to an OPNsense box and almost everything works as expected.
There is just one problem: We have an IPSec tunnel to a customer which requires a /32-address on our site to be NATed to their /24-Network. We connect to a different local network on their site.
The required /32-address is configured as a virtual IP.
When I set this up - Phase 2 Local Network is our LAN Subnet, NAT address is the required /32-address - I can't connect to the other endpoint. Upon calling the customer and inspecting the log, he's telling me that we come in with the wrong IP and a /24-Subnet.
When I enter the required /32-address in the Phase 2 Local Network and disable NAT, the IPSec tunnel connects successfully.
But I haven't found a way to route our LAN over the established tunnel.
Am I missing something?
aniwon (Newbie, Posts: 3, Karma: 0)
Re: IPSec with NAT not working
« Reply #1 on: June 20, 2017, 07:23:13 pm »
I've probably found the problem. There seems to be a general issue with IPsec and NAT.
https://github.com/opnsense/core/issues/440
So there are two dirty solutions for me then:
* Negotiate another VPN solution with the customer, or suggest different settings the customer might be uncomfortable with (or we as well)
* Use the SonicWall again just for the IPsec tunnel
« Last Edit: June 21, 2017, 09:23:59 am by aniwon »