Discussion:
[pfSense] Problems with VPN
Thomas Kristensen
2018-03-19 13:43:30 UTC
Hey
 
I got this problem with my pfSense firewall and I am stuck, hoping anyone can help or has any tips.
 
Here is the information on the system.
 
WAN:  87.54.27.48/26
LAN: 192.168.16.218/24
Default gateway: 87.54.27.1
 
I got this VPN:
Remote peer: 176.22.67.241
 
Remote network: 195.80.240.0/20
Local network: 195.80.247.112/29

 
I got this outbound NAT rule:
Interface IPsec
Source: 192.168.16.0/24
Dest: 195.80.240.0/20
NAT Address: 195.80.247.114/32

 
The problem is that traffic is leaving the WAN interface, instead of being routed over the IPsec interface and then SNAT'ed to 195.80.247.114 for the tunnel to allow traffic.
 
Firewall rules on LAN:
I have allow all from LAN.
 
I am totally stuck and hoping anyone can help me.
 
Kind regards
Thomas Kristensen

Storhaven 12 - 7100 Vejle
Tel: 75 72 54 99 - Fax: 75 72 65 33
E-mail: ***@multimed.dk
 
d***@nvus.co.uk
2018-03-19 14:27:08 UTC
Could be wrong but I think you need to define the NAT as part of the phase-2
tunnel...

Dan

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Thomas Kristensen
2018-03-19 14:30:44 UTC
I can't do that, because I need a different NAT per customer that needs to use the tunnel.

Kind regards
Thomas Kristensen

Storhaven 12 - 7100 Vejle
Tel: 75 72 54 99 - Fax: 75 72 65 33
E-mail: ***@multimed.dk
