After some more research, I discovered a few things.
The NAT on the enc0 interface that you told me about was correct.
The part I did not understand and did not know until now is that when
the tunnel is /24 to /24, external routes do not enter into the route
table of the setkey command.
After discov
I first tried the way you said, but it doesn't work; it returned the
TTL expired in transit message when I try to run ICMP from some host
that is on a network outside FreeBSD, in my test only with the nat
rule in enc0
Running tests from a host on another network, for example on the
10.7.8.0/24 netw
You don't need rdr
nat on enc0 inet from 10.0.0.0/8 to 10.31.32.0/24 -> 10.19.12.251
On 17.03.20 14:35, Cristian Cardoso wrote:
I tried as follows without success:
rdr on xn0 inet proto icmp from 10.31.32.67 to 10.0.0.0/8 -> 10.19.12.251
nat on xn0 inet proto icmp from 10.0.0.0/8 to 10.31.32.
I tried as follows without success:
rdr on xn0 inet proto icmp from 10.31.32.67 to 10.0.0.0/8 -> 10.19.12.251
nat on xn0 inet proto icmp from 10.0.0.0/8 to 10.31.32.67/32 -> 10.19.12.251
rdr on enc0 inet proto icmp from 10.31.32.67 to 10.0.0.0/8 -> 10.19.12.251
nat on enc0 inet proto icmp from 10.
Hi!
PF does NAT on outbound and RDR on inbound.
You can try to do NAT on the enc0 interface instead of lan.
On 17.03.20 04:28, Cristian Cardoso wrote:
Hello
I'm setting up a FreeBSD server for IPsec VPN communication with
strongSwan and I'm having some difficulties in the operation.
The freebsd serv