Date: Tue, 04 Aug 2020 20:31:29 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 248474] NAT broken on IPsec/VTI [if_ipsec]
Message-ID: <bug-248474-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474

            Bug ID: 248474
           Summary: NAT broken on IPsec/VTI [if_ipsec]
           Product: Base System
           Version: Unspecified
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: kokosmaps@gmail.com

Per pfSense documentation and many forum posts going back 5 years, NAT is still
not possible on routed IPsec/VTI tunnels. When NAT is set up, packets correctly
get translated and sent out the tunnel. However, packets returning never cross
back into LAN.

Here is an example.
https://forum.netgate.com/topic/132970/ipsec-vti-tunnels/31

Last sentence of documentation.
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/ipsec-routed.html

From everything I can find, the issue resides with the if_ipsec implementation
in FreeBSD. Debian-based systems like VyOS and EdgeMax have no issues with this.

-- 
You are receiving this mail because:
You are the assignee for the bug.
