I have a pfSense firewall and I need to connect to a remote site (from my client). I'm running into several issues, and don't see traffic flowing in any way.
Here's my setup:
- LAN is 192.168.0.0/16.
- I have a WAN interface as the default gateway.
- I have a WAN2 interface that I'd like to use for the tunnel to the remote site.
- The remote site is asking me to connect using local IPs of 172.27.10.0/24, as they won't be able to route my traffic otherwise. Their IP range (remote) is 10.100.0.0/16.
This is what I did already:
- Set up the IPsec tunnel. This works, and I can connect.
- I created a Virtual IP (Firewall -> Virtual IPs) of type IP Alias, on the LAN interface, with IP Addresses of 172.27.10.0/24.
- I added routes in System -> Routing, so 10.100.0.0/16 goes through WAN2. Same for 172.27.10.0/24: I added a route for that traffic to go through WAN2.
- On Firewall -> NAT, Outbound, I created a rule for WAN2, source 192.168.0.0/16, destination 10.100.0.0/16, and Translation Address the IP Alias I created (172.27.10.0).
With all this setup, I can't connect to any remote address. Even more, I don't see the tunnel connecting, so I guess it's not getting the traffic it needs.
I'm also not seeing any useful information in the firewall log.
Am I doing things right? (or slightly close to right?).
You can't NAT like that, it hits IPsec before the NAT. You'll have to use 2.1 and its IPsec NAT capabilities in the phase 2. You can only map a /24 to a /24 so you won't be able to map your entire internal /16 to that /24, only a /24 out of the /16.
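To make the "only a /24 to a /24" constraint from the answer concrete, here is an added worked example (not from this thread or from pfSense itself) that computes the 1:1 (BINAT-style) translation the phase 2 NAT performs. It assumes the one internal subnet chosen for the mapping is 192.168.1.0/24; the other addresses come from the question.

```python
import ipaddress

# Constructed values. 172.27.10.0/24 and 10.100.0.0/16 are from the question;
# 192.168.1.0/24 is an assumed choice of one /24 out of the internal /16.
INTERNAL_NET = "192.168.1.0/24"     # assumption: the single /24 we map
TRANSLATED_NET = "172.27.10.0/24"   # what the remote site expects to see
REMOTE_NET = "10.100.0.0/16"        # the remote site's range (phase 2 remote)


def can_binat(local_net, translated_net):
    """A 1:1 network translation keeps the host bits and swaps the network
    bits, so both prefixes must be the same length. This is why the whole
    internal /16 cannot be mapped onto a /24: 65536 hosts, 256 addresses."""
    local = ipaddress.ip_network(local_net)
    translated = ipaddress.ip_network(translated_net)
    return local.prefixlen == translated.prefixlen


def binat_map(address, local_net, translated_net):
    """Translate one host address under the 1:1 mapping (outbound direction).

    Returns the translated address as a string, or raises ValueError when the
    networks are not the same size or the host is outside the mapped subnet
    (such traffic would enter the tunnel untranslated and be unroutable on the
    far side, which matches the symptom described in the question)."""
    local = ipaddress.ip_network(local_net)
    translated = ipaddress.ip_network(translated_net)
    if local.prefixlen != translated.prefixlen:
        raise ValueError(
            f"BINAT needs equal prefix lengths: /{local.prefixlen} vs /{translated.prefixlen}"
        )
    addr = ipaddress.ip_address(address)
    if addr not in local:
        raise ValueError(f"{addr} is not in {local}; it would not be translated")
    host_bits = int(addr) - int(local.network_address)
    return str(ipaddress.ip_address(int(translated.network_address) + host_bits))


def binat_unmap(address, local_net, translated_net):
    """Reverse direction: reply traffic from the remote site back to the real host."""
    return binat_map(address, translated_net, local_net)


if __name__ == "__main__":
    print(binat_map("192.168.1.50", INTERNAL_NET, TRANSLATED_NET))   # 172.27.10.50
    print(binat_unmap("172.27.10.50", INTERNAL_NET, TRANSLATED_NET)) # 192.168.1.50
    print(can_binat("192.168.0.0/16", TRANSLATED_NET))               # False
```

Any internal host outside the chosen /24 (for example 192.168.5.10) is rejected by binat_map, which is exactly the traffic that would never be translated and therefore never routed by the remote side.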