Ipsec NAT/BINAT option missing

wickeren · September 09, 2017, 03:28:47 PM

Reading the docs it seems there should be a NAT/BINAT options in the ipsec phase2 settings to do translation before the traffic enters the tunnel. However, in my setup (17.7.1) it is missing. Has this changed and are the docs not updated or am I missing something else?

Julian

AdSchellevis · September 09, 2017, 04:37:15 PM

Hi Julian,

You need the manual SPD entries at the bottom of the phase 2 entry plus a nat/binat rule.
For more information see https://github.com/opnsense/core/issues/440

Best regards,

Ad

franco · September 09, 2017, 04:50:03 PM

The NAT/BINAT option no longer exists in the Phase 2 setup, I proposed a change in the docs to reflect that.

The setting is automatically set up now, unless you require NAT before IPsec, which Ad was pointing to with issue #440.

Cheers,
Franco

Ipsec NAT/BINAT option missing

wickeren

September 09, 2017, 03:28:47 PM

AdSchellevis

September 09, 2017, 04:37:15 PM #1

franco

September 09, 2017, 04:50:03 PM #2