Date: Wed, 05 Aug 2020 06:07:19 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 248474] NAT broken on IPsec/VTI [if_ipsec]
Message-ID: <bug-248474-7501-ql9ducbAai@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-248474-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-248474-7501@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474

--- Comment #2 from Ziomalski <kokosmaps@gmail.com> ---
(In reply to crest from comment #1)

The reason I posted here was because of the following pfSense Dev response:
https://forum.netgate.com/topic/155803/nat-still-broken-on-ipsec-vti/2

I am currently on pfS 2.4.5 which is still FreeBSD 11.3. I have my 192.168 LAN subnet that needs to communicate across a VTI as a single IP 10.x.y.z with NAT. Packet capture on the VTI shows correct translation in both directions, however it never reaches back to my LAN. However, I have noticed that the default deny rule on the WAN shows the 10.x.y.z destination as blocked. My ipsec firewall tab has an allow *all* rule.

If you are positive about 12.1, I think my best bet is to spool up the new 20.7 OPNsense and give it a go there.

I can provide the details to my current config but I think this is a dead end with 11.3.

Thanks for your help!

-- 
You are receiving this mail because:
You are the assignee for the bug.