Bug #12851
closed
IPSEC Phase 2 - Different Size of Local Network and NAT Translation Network
Added by Michele D'Alessio over 2 years ago.
Updated over 2 years ago.
Description
Inside the section:
VPN / IPsec / Tunnels / Edit Phase 2
If I try to change the local network address, the following error appears:
"The following input errors were detected:
Local network subnet size and NAT local network subnet size cannot be different."
In the previous version (2.5.2) it was possible to have different size from "local network" and "lan netowork", as it's shown in the attached image.
Now, after the update to the version 2.6.0, it's not possibile to edit previous configuration if the size of the Local/NAT Network subnet aren't the same.
Files
- Status changed from New to Not a Bug
- Priority changed from High to Normal
The GUI may have allowed you to select it, but it wouldn't have been working properly. The subnet sizes must be identical, which has always been true. You may not have seen an error but behind the scenes it was not doing what you think it was doing.
Jim Pingle wrote in #note-1:
The GUI may have allowed you to select it, but it wouldn't have been working properly. The subnet sizes must be identical, which has always been true. You may not have seen an error but behind the scenes it was not doing what you think it was doing.
We need to add a P2 for the client of OpenVPN Client Subnet 10.200.0.0/24 that must reach another site (IPSEC) with its network 192.168.0.0\21 through the network of the PFSense Machine 10.0.0.0/17.
The subnet of the OpenVPN Client is always smaller than of the PFSense Subnet, which includes more VLANs.
Maybe it's not properly correct, but every OpenVPN Client connected to the PFSense reaches all devices in the PFSense Network and all devices in the remote network through IPSec.
Also available in: Atom
PDF