Topic: Port Forwarding: Remote Client via IPSEC VPN - Port Forward to Pfsense LAN IP

rayone

Hello, I am having an IPSEC Port Forwarding Issue, any help appreciated!!

  • Normal: Internal LAN A IP - port forward to WAN - Works fine as you would expect
  • IPSEC Issue: Remote Client IP through IPSEC VPN - port forward to LAN A - doesn't work

Image explains the issue:

Derelict

I don't get it. 10.0.0.0/16 does not collide with 10.17.0.0/24.

But what you are doing should work, I guess.

Depends on what the rest of the firewall rules on that interface are, the IPsec traffic selectors, any policy routing in place, etc.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESS™

rayone

Yes, sorry I meant to put 10.0.0.0/8.


In theory it should work, it's good to hear that someone else agrees. Here are some further details:

Firewall Rules
Are allow all on all interfaces for testing

IP Traffic Selectors (see image).
Only NAT is not configured, I don't need this right?


Policy Routing
I have not done anything with routing policy. What would I need to do?

Thanks,
Ray

Derelict

Well that doesn't work because 172.16.0.0/24 is not in the traffic selector. Port forwards translate the destination address, not the source address.