IPSec tunnel not working with NAT

Started by jesperfr, September 06, 2018, 12:46:14 PM

Hi all,

I'm trying to set up an IPsec tunnel towards a customer, but I can't get it to work. The tunnel comes up (both Phase 1 and Phase 2), but no traffic is being tunneled.

I have created an outbound NAT rule that hides all hosts on VLAN 32 (10.222.8.0/22), destination 10.38.134.48/32, behind a public IP (xxx.xxx.51.239).

Local subnets       SPI(s)           Remote subnets     State                Stats
xxx.xxx.51.239/32   in : caa4e040    10.38.134.48/32    INSTALLED (Routed)   Time : 590
                    out : 581e3f33                                           Bytes in : 0
                                                                             Bytes out : 0

It also says that the route is installed, but I can't see the route under Routes --> Status. I can see routes for the other IPsec tunnels running on this firewall, but not this one (this is the only tunnel where NAT is used).

If I try to ping from the interface address on VLAN 32, I would expect the "Bytes out" counter to increase, but this is not the case. No traffic is seen on the firewall at the remote end.

The following versions are running on the firewall:
OPNsense 18.1.5-amd64
FreeBSD 11.1-RELEASE-p8
OpenSSL 1.0.2n 7 Dec 2017


Any idea what could be wrong?
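As an added example (not from the post and not OPNsense or strongSwan code), the following script models the one check that decides whether a packet enters the SA listed above: at the moment of the security-policy lookup, the packet's source must lie inside the local traffic selector and its destination inside the remote one. It takes the selectors and the outbound NAT rule from the post (the public IP is replaced by the documentation address 203.0.113.239 as a stand-in for the anonymised xxx.xxx.51.239) and evaluates a constructed ping from a VLAN 32 host both with and without the hide-NAT applied first. Whether NAT actually runs before the policy lookup on a given platform is a configuration question this script does not answer; it only shows what each ordering implies for selector matching.

```python
import ipaddress
from dataclasses import dataclass

# Traffic selectors as shown in the SA listing of the post.
# 203.0.113.239 is an assumed stand-in for the anonymised xxx.xxx.51.239.
LOCAL_TS = "203.0.113.239/32"
REMOTE_TS = "10.38.134.48/32"

# Outbound hide-NAT rule as described in the post: VLAN 32 hosts talking to the
# customer host are translated to the public IP.
NAT_SOURCE = "10.222.8.0/22"
NAT_DEST = "10.38.134.48/32"
NAT_TO = "203.0.113.239"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def apply_outbound_nat(pkt: Packet) -> Packet:
    """Return the packet as the hide-NAT rule would rewrite it, or unchanged if
    the rule's source/destination condition is not met."""
    src_in_rule = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(NAT_SOURCE)
    dst_in_rule = ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(NAT_DEST)
    if src_in_rule and dst_in_rule:
        return Packet(NAT_TO, pkt.dst)
    return pkt


def matches_sa(pkt: Packet, local_ts: str = LOCAL_TS, remote_ts: str = REMOTE_TS) -> bool:
    """An IPsec policy only selects packets whose source is inside the local
    traffic selector AND whose destination is inside the remote one."""
    return (
        ipaddress.ip_address(pkt.src) in ipaddress.ip_network(local_ts)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(remote_ts)
    )


def would_be_tunneled(pkt: Packet, nat_before_policy_lookup: bool) -> bool:
    """Evaluate the packet against the SA under an assumed processing order.

    nat_before_policy_lookup=True  -> the packet is translated first, then matched.
    nat_before_policy_lookup=False -> the untranslated packet is matched.
    """
    if nat_before_policy_lookup:
        pkt = apply_outbound_nat(pkt)
    return matches_sa(pkt)


def explain(pkt: Packet) -> dict:
    """Summarise both orderings for one packet; handy when eyeballing a zero
    'Bytes out' counter next to an INSTALLED SA."""
    translated = apply_outbound_nat(pkt)
    return {
        "original": f"{pkt.src} -> {pkt.dst}",
        "after_nat": f"{translated.src} -> {translated.dst}",
        "matches_without_nat": matches_sa(pkt),
        "matches_with_nat": matches_sa(translated),
    }


if __name__ == "__main__":
    # Constructed sample: a ping from the VLAN 32 interface address to the customer host.
    sample = Packet("10.222.8.1", "10.38.134.48")
    for key, value in explain(sample).items():
        print(f"{key}: {value}")
```

The script is intentionally indifferent to which ordering the firewall really uses: if the untranslated 10.222.8.x address is what the policy lookup sees, a /32 local selector of the public IP cannot match it, and the counters stay at zero exactly as the listing shows; if translation happens first, the same packet matches. Comparing the two outputs against the real counters tells you which side of the NAT the policy lookup is on.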

Hello,
I think I have the same problem. Have you found a solution?


Regards,
Benoit