On Mon, Mar 21, 2011 at 11:35 PM, Vinicius Coque wrote:
> Hi
>
> I have an IPSEC tunnel configured to connect the network 170.60.x.x,
> on side A, with network 189.19.x.x on side B.
>
> LAN Server A INTERNET Server B
> 10.0.0.0/8 189.19.x.x 170.60.x.x
>
> The tunnel connection is established and the traffic between servers
> go through the tunnel with no problems, the problem is when the
> traffic came from LAN. Since the tunnel network is configured to my
> WAN address range, SPD table doesn't has my lan network 10.0.0.0/8
> configured, then traffic from lan to 170.60.x.x goes through wan
> interface instead of enc0.
>
> I know that is possible to do it using NAT on enc0 interface, but I
> tried to configure this many ways without success.
>
> Anybody knows how to make it works on pfSense, or if is it possible to do?
>
It's not possible because of the way the processing in kernel
functions in FreeBSD, traffic won't hit the SPD after NAT is applied,
so traffic that gets NATed to your public IPs even if they're the
local end of your IPsec, won't hit IPsec. That's true of tunnel mode,
but not transport mode. Transport mode may be an option.
-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com
Commercial support available - https://portal.pfsense.org