[Bug 248474] NAT broken on IPsec/VTI [if_ipsec]

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Aug 5 06:07:19 UTC 2020


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474

--- Comment #2 from Ziomalski <kokosmaps at gmail.com> ---
(In reply to crest from comment #1)
The reason I posted here was because of the following pfSense Dev response:
https://forum.netgate.com/topic/155803/nat-still-broken-on-ipsec-vti/2

I am currently on pfS 2.4.5 which is still FreeBSD 11.3. I have my 192.168 LAN
subnet that needs to communicate across a VTI as a single IP 10.x.y.z with
NAT. Packet capture on the VTI shows correct translation in both directions,
however it never reaches back to my LAN. However, I have noticed that the
default deny rule on the WAN shows the 10.x.y.z destination as blocked. My
IPsec firewall tab has an allow *all* rule.

If you are positive about 12.1, I think my best bet is to spool up the new 20.7
Opnsense and give it a go there. 

I can provide the details to my current config but I think this is a dead end
with 11.3

Thanks for your help!

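For reference, the ruleset the comment describes (a LAN subnet leaving through an if_ipsec VTI as one translated address, with the VTI itself fully passed and the WAN on default deny) looks like the following in plain FreeBSD 11.x pf.conf syntax. This is a constructed illustration added here, not the poster's pfSense configuration and not a fix from the bug; the interface names, subnet and translation address are assumed placeholders.

```pf
# Constructed example of the setup described in the comment.
# Assumed names: em0 is the WAN, ipsec0 is the if_ipsec VTI,
# 192.168.1.0/24 stands in for the poster's 192.168 LAN and
# 10.1.2.3 for the single 10.x.y.z address the LAN must appear as.
ext_if  = "em0"
vti_if  = "ipsec0"
lan_net = "192.168.1.0/24"
vti_ip  = "10.1.2.3"

# Translate everything from the LAN that leaves through the VTI
# to the single address the far side expects (FreeBSD 11 pf keeps
# the separate "nat on" rule form).
nat on $vti_if from $lan_net to any -> $vti_ip

# Default deny on the WAN, logged so blocked replies show up on pflog0.
# The comment reports the 10.x.y.z return traffic being logged here,
# i.e. the reply is matched against the WAN rules instead of the VTI's.
block in log on $ext_if all

# The equivalent of the "allow all" rule on the IPsec tab: pass the VTI
# in both directions so only the translation, not filtering, is in play.
pass in  quick on $vti_if all
pass out quick on $vti_if all
```

To see which interface the untranslated replies are attributed to, watch `tcpdump -n -e -ttt -i pflog0` alongside `tcpdump -ni ipsec0` while the LAN host generates traffic; the pflog entry names the rule and interface that dropped the packet.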