IPSec tunnel not working with NAT

[jesperfr]

Hi all,

I'm trying to setup a IPSec towards a customer, but I can't get it to work. The tunnel comes up (both Phase1 and 2), but no traffic is being tunneled.

I have created an outbound NAT rule, that hides all hosts on Vlan 32 (10.222.8.0/22) dest. 10.38.134.48/32  behind a public IP (xxx.xxx.51.239)

Local subnets   SPI(s)   Remote subnets   State   Stats
xxx.xxx.51.239/32   in : caa4e040
out : 581e3f33   10.38.134.48/32   INSTALLED
Routed   Time : 590
Bytes in : 0
Bytes out : 0

It also says that route is installed, but I can't see the route under Routes --> status. I can see routes for the other IPSec tunnels running on this firewall, but not this one (this is the only tunnel where NAT is used)

If I try to do a ping from interface addr, on Vlan32, then I would expect that the "bytes out" counter will increase, but this is not the case. There is no traffic seen on the firewall in remote end.

The following versions is running on the firewall:
OPNsense 18.1.5-amd64
FreeBSD 11.1-RELEASE-p8
OpenSSL 1.0.2n 7 Dec 2017


Any idea what could be wrong ?

[fixit]

Hello,
I think I have same problems, do you have you found a solution ?


Regards,
Benoit

[jesperfr]

No, I haven't found a solution