pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list
I'm having trouble with NAT'ed traffic through a GRE interface that is
going over an IPsec connection. pfSense itself can get ping replies
from the remote end, but the hosts on the LAN cannot. NAT is enabled,
so the source IP for LAN hosts is the local /30 tunnel address. The
irony is that tcpdump shows ping replies from LAN hosts hitting
pfSense's GRE interface (NAT'ed), and the states in the state table
match those of a working NAT'ed non-GRE interface. There are no
firewall entries for the source or destination addresses. I feel like I
must be missing a concept, or this would be working. I'm thinking that
as the tunnel is unwrapped, maybe the IPs may be mismatched to the IPsec
SA or something? Any ideas?