Bug #11190

closed

IPsec VTI outbound NAT to interface address not working (pfsense 2.4.5-p1)

Added by Kevin Mychal Ong over 4 years ago. Updated about 4 years ago.

Status: Duplicate
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 12/27/2020
Due date: -
% Done: 0%
Estimated time: -
Plus Target Version: -
Release Notes: -
Affected Version: 2.4.5-p1
Affected Architecture: amd64

Description

I have the exact same problem as this post https://www.reddit.com/r/PFSENSE/comments/cegi8d/ipsec_vti_nat_in_244p3/ and I posted on the pfSense forum as well https://forum.netgate.com/topic/159252/ipsec-outbound-nat-to-interface-address-reply-traffic-destination-ip-not-being-translated-back-to-original-source-ip/2?_=1608536857656. But basically, the summary of the problem is this: if you have two sites connected by a routed VTI IPsec tunnel and create an outbound NAT rule on the local site to SNAT to the site's pfSense IPsec interface IP address when accessing a host on the remote end, you do get the return traffic back up to the local IPsec interface, but it somehow gets dropped and never reaches the source (it doesn't use the outbound NAT table to translate back to the original source). This method is a known workaround for IPsec not supporting reply-to, but it is not working either. There are a couple of people confirming that it is not working also, but I'm not sure why, as it was published as an official workaround.
