Bug #12851
closed
IPSEC Phase 2 - Different Size of Local Network and NAT Translation Network
0%
Description
Inside the section:
VPN / IPsec / Tunnels / Edit Phase 2
If I try to change the local network address, the following error appears:
"The following input errors were detected:
Local network subnet size and NAT local network subnet size cannot be different."
In the previous version (2.5.2) it was possible to have different size from "local network" and "lan netowork", as it's shown in the attached image.
Now, after the update to the version 2.6.0, it's not possibile to edit previous configuration if the size of the Local/NAT Network subnet aren't the same.
Files
Updated by Jim Pingle over 2 years ago
- Status changed from New to Not a Bug
- Priority changed from High to Normal
The GUI may have allowed you to select it, but it wouldn't have been working properly. The subnet sizes must be identical, which has always been true. You may not have seen an error but behind the scenes it was not doing what you think it was doing.
Updated by Michele D'Alessio over 2 years ago
Jim Pingle wrote in #note-1:
The GUI may have allowed you to select it, but it wouldn't have been working properly. The subnet sizes must be identical, which has always been true. You may not have seen an error but behind the scenes it was not doing what you think it was doing.
We need to add a P2 for the client of OpenVPN Client Subnet 10.200.0.0/24 that must reach another site (IPSEC) with its network 192.168.0.0\21 through the network of the PFSense Machine 10.0.0.0/17.
The subnet of the OpenVPN Client is always smaller than of the PFSense Subnet, which includes more VLANs.
Maybe it's not properly correct, but every OpenVPN Client connected to the PFSense reaches all devices in the PFSense Network and all devices in the remote network through IPSec.