Bug #12851

closed

IPSEC Phase 2 - Different Size of Local Network and NAT Translation Network

Added by Michele D'Alessio 8 months ago. Updated 8 months ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
% Done: 0%
Release Notes: Default

Description

Inside the section:
VPN / IPsec / Tunnels / Edit Phase 2

If I try to change the local network address, the following error appears:
"The following input errors were detected:
Local network subnet size and NAT local network subnet size cannot be different."

In the previous version (2.5.2) it was possible to have different sizes for "local network" and "lan network", as shown in the attached image.

Now, after the update to version 2.6.0, it's not possible to edit a previous configuration if the sizes of the Local/NAT Network subnets aren't the same.


Files

IPSec - Edit Phase 2.PNG (65.3 KB), Michele D'Alessio, 02/22/2022 07:47 AM

Actions #1

Updated by Jim Pingle 8 months ago

  • Status changed from New to Not a Bug
  • Priority changed from High to Normal

The GUI may have allowed you to select it, but it wouldn't have been working properly. The subnet sizes must be identical, which has always been true. You may not have seen an error but behind the scenes it was not doing what you think it was doing.

Actions #2

Updated by Michele D'Alessio 8 months ago

Jim Pingle wrote in #note-1:

The GUI may have allowed you to select it, but it wouldn't have been working properly. The subnet sizes must be identical, which has always been true. You may not have seen an error but behind the scenes it was not doing what you think it was doing.

We need to add a P2 for the OpenVPN client subnet 10.200.0.0/24, which must reach another site (IPsec) with its network 192.168.0.0/21 through the network of the pfSense machine, 10.0.0.0/17.
The subnet of the OpenVPN clients is always smaller than that of the pfSense subnet, which includes more VLANs.
Maybe it's not properly correct, but every OpenVPN client connected to the pfSense reaches all devices in the pfSense network and all devices in the remote network through IPsec.
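
Added example, not part of the ticket and not pfSense's own code: a pre-upgrade audit of Phase 2 entries for the size mismatch that 2.6.0 rejects, plus the address translation that only exists when the sizes match. It covers only the case where both fields are networks and assumes network-to-network NAT maps addresses one-to-one by host offset; the entry names and the 10.0.127.0/24 range are constructed for illustration.

```python
import ipaddress

def check_phase2(local_net, nat_net):
    """Return None when the pair passes, else the reason it is rejected."""
    local = ipaddress.ip_network(local_net)
    nat = ipaddress.ip_network(nat_net)
    if local.version != nat.version:
        return "address families differ"
    if local.prefixlen != nat.prefixlen:
        return (f"subnet sizes differ: /{local.prefixlen} has {local.num_addresses} "
                f"addresses, /{nat.prefixlen} has {nat.num_addresses}")
    return None

def translate(addr, local_net, nat_net):
    """Map one local address to its NAT address by host offset (assumed 1:1)."""
    reason = check_phase2(local_net, nat_net)
    if reason:
        # With unequal sizes there is no one-to-one mapping to compute.
        raise ValueError(reason)
    local = ipaddress.ip_network(local_net)
    nat = ipaddress.ip_network(nat_net)
    ip = ipaddress.ip_address(addr)
    if ip not in local:
        raise ValueError(f"{ip} is outside {local}")
    return str(nat.network_address + (int(ip) - int(local.network_address)))

def audit(entries):
    """Return (name, reason) for every Phase 2 entry that would be rejected."""
    findings = []
    for name, local_net, nat_net in entries:
        reason = check_phase2(local_net, nat_net)
        if reason:
            findings.append((name, reason))
    return findings

# Constructed sample entries using subnets mentioned in the thread.
SAMPLE = [
    ("ovpn-clients mismatched", "10.200.0.0/24", "10.0.0.0/17"),
    ("ovpn-clients equal size", "10.200.0.0/24", "10.0.127.0/24"),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"REJECT {name}: {reason}")
    print(translate("10.200.0.37", "10.200.0.0/24", "10.0.127.0/24"))
```
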
