Author Topic: [SOLVED] IPSEC NAT/BINAT  (Read 17956 times)

minos

  • Newbie
  • *
  • Posts: 1
  • Karma: 1
    • View Profile
[SOLVED] IPSEC NAT/BINAT
« on: July 14, 2015, 01:29:38 pm »
Hi,

I'm just trying to set up an IPsec VPN with NAT before IPsec since I need to change the source address. As far as I understood, I can use the NAT/BINAT setting in phase 2 to get exactly what I want, but unfortunately it's not working. So I hope that someone can help me to figure out what's wrong.

LAN: 192.168.1.0/24
NAT/BINAT 192.168.14.1/32
Remote: 10.x.x.12

My problem is that I get no SPD rule when the tunnel comes up. If I change the setting to NAT/BINAT: 192.168.14.0/24 I get SPD rules, but since I need to connect from a specific IP this won't work.

Furthermore, I see no traffic going through the IPsec tunnel at all and no errors anywhere.

Do I have to configure an additional NAT rule or routes or anything else?

The phase 1 and phase 2 settings are correct since I can connect with racoon from another host with exactly the same settings.

Any help is appreciated.

regards
stefan
« Last Edit: October 13, 2015, 07:15:09 am by franco »
Logged

fraenki

  • Full Member
  • ***
  • Posts: 171
  • Karma: 28
    • View Profile
    • GitHub
Re: IPSEC NAT/BINAT
« Reply #1 on: October 07, 2015, 01:54:35 pm »
Sounds like we have a very similar problem. I've opened a bug report:
https://github.com/opnsense/core/issues/369
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13902
  • Karma: 1206
    • View Profile
Re: IPSEC NAT/BINAT
« Reply #2 on: October 11, 2015, 01:47:26 pm »
I heard someone will look at this next week. :)
Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 855
  • Karma: 165
    • View Profile
Re: IPSEC NAT/BINAT
« Reply #3 on: October 12, 2015, 03:24:48 pm »
Just fixed the issue, more information over here:
https://github.com/opnsense/core/issues/369

The changes will probably be part of the next release.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13902
  • Karma: 1206
    • View Profile
Re: IPSEC NAT/BINAT
« Reply #4 on: October 13, 2015, 07:15:00 am »
Most definitely 15.7.17, thanks everyone! :)
Logged

Kuragari

  • Jr. Member
  • **
  • Posts: 66
  • Karma: 11
    • View Profile
Re: [SOLVED] IPSEC NAT/BINAT
« Reply #5 on: October 20, 2015, 05:08:35 pm »
Same problem. I have a mobile users IPsec VPN and NAT doesn't work.

Any special things to do in the configuration? I have NAT in Hybrid mode, I saw the automatic NAT rules, I have a firewall rule on the IPsec interface that allows all traffic, so I think all is ok.

If it is a bug, does that work with the latest release 7.17?
Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 855
  • Karma: 165
    • View Profile
Re: [SOLVED] IPSEC NAT/BINAT
« Reply #6 on: October 20, 2015, 05:19:52 pm »
Frank wrote some additional comments on this subject, here:

https://github.com/opnsense/core/issues/440

Outbound NAT on real tunnels (defined in the NAT/BINAT option of the phase 2 tunnel) should work, but you can't define custom NAT rules for IPsec traffic at the moment (the option is just not there).
I have tested the first with a point-to-point setup.

Probably we're going to add this feature at some point, but no date is set yet.
Logged

Kuragari

  • Jr. Member
  • **
  • Posts: 66
  • Karma: 11
    • View Profile
Re: [SOLVED] IPSEC NAT/BINAT
« Reply #7 on: October 21, 2015, 09:33:41 am »
Hello, I am not an IPsec VPN expert, so what do I need to put in the NAT/BINAT option to make NAT work for my VPN clients?

Actually I have a functional VPN configuration for mobile users, only NAT doesn't work. The NAT/BINAT option is set to None.
Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 855
  • Karma: 165
    • View Profile
Re: [SOLVED] IPSEC NAT/BINAT
« Reply #8 on: October 21, 2015, 09:40:51 am »
Hi,

If you want to outbound NAT all your traffic from your tunnel to one IP, you can select under NAT/BINAT:
Type: Address
Address: the (firewall) IP you want to NAT to

That should do the trick.
Logged
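The symptom at the top of this thread (no SPD entry for the /32 NAT/BINAT address once the tunnel is up) can be checked from the shell with `setkey -DP`, which dumps the kernel's security policy database on FreeBSD. The following script is an added example, not code from the thread or from the OPNsense project: it parses a dump in that format and reports whether both the outbound and inbound policies for the configured BINAT network exist. The sample dump is constructed for this example, as are the remote address 10.0.0.12 and the tunnel endpoints; the exact layout of the `setkey -DP` lines is an assumption about the FreeBSD output format, so adjust `ENTRY_RE` if your system prints policies differently.

```python
import ipaddress
import re

# Constructed sample of a `setkey -DP` style dump, as it might look after a
# phase 2 with NAT/BINAT 192.168.14.1/32 toward remote 10.0.0.12/32 came up.
# The remote host and the two tunnel endpoint addresses are made up.
SAMPLE_SPD = """\
192.168.14.1/32[any] 10.0.0.12/32[any] any
\tout ipsec
\tesp/tunnel/203.0.113.1-198.51.100.1/unique:1
\tspid=1 seq=1 pid=1234
\trefcnt=1
10.0.0.12/32[any] 192.168.14.1/32[any] any
\tin ipsec
\tesp/tunnel/198.51.100.1-203.0.113.1/unique:1
\tspid=2 seq=0 pid=1234
\trefcnt=1
"""

# Policy header line: "<src>[<port>] <dst>[<port>] <proto>" (assumed format).
ENTRY_RE = re.compile(r"^([^\s\[]+)\[[^\]]*\]\s+([^\s\[]+)\[[^\]]*\]\s+\S+$")


def parse_spd(text):
    """Return a list of (src_net, dst_net, direction) tuples from an SPD dump.

    The direction ('in', 'out' or 'fwd') is taken from the indented line that
    follows each policy header.
    """
    entries = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = ENTRY_RE.match(line)
        if not m or i + 1 >= len(lines):
            continue
        direction = lines[i + 1].split()[0]
        entries.append((
            ipaddress.ip_network(m.group(1)),
            ipaddress.ip_network(m.group(2)),
            direction,
        ))
    return entries


def binat_policies_present(text, binat_net, remote_net):
    """True if the SPD holds an outbound policy from the BINAT network to the
    remote network and the matching inbound policy back to it.

    This is the check a defender wants when a tunnel is 'up' but no traffic
    flows: with NAT/BINAT set, the local side of the policy must be the
    translated address, not the real LAN subnet.
    """
    binat = ipaddress.ip_network(binat_net)
    remote = ipaddress.ip_network(remote_net)
    has_out = has_in = False
    for src, dst, direction in parse_spd(text):
        if direction == "out" and src == binat and dst.overlaps(remote):
            has_out = True
        elif direction == "in" and dst == binat and src.overlaps(remote):
            has_in = True
    return has_out and has_in


if __name__ == "__main__":
    # On a live OPNsense box the dump would come from: setkey -DP
    ok = binat_policies_present(SAMPLE_SPD, "192.168.14.1/32", "10.0.0.12/32")
    print("BINAT policies present:", ok)
    # An empty SPD (the original poster's symptom) yields no policies at all.
    print("Policies in empty SPD:", binat_policies_present("", "192.168.14.1/32", "10.0.0.12/32"))
```

Run it against real output with `setkey -DP | python3 check_spd.py`-style piping by replacing `SAMPLE_SPD` with `sys.stdin.read()`; an empty result for the /32 while the /24 produces entries is exactly the behaviour the bug report linked above describes.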
