pfSense

Thanks to FreeBSD 9 it should be now possible to NAT before the VPN in order to solve network overlapping.

Here http://www.undeadly.org/cgi?action=article&sid=20090127205841 there's an example where this feature has been implemented. According to the "Deconflicting networks example" it should be now possible to nat an entire network to a new one before the VPN encodes the traffic for the remote network.

If this works, it should be possible to add an option "Nat as" in the IPSec Phase 2 form where is asked the network (or the single ip address in case of outgoing nat).

The linked info is still OpenBSD-only I believe.

Just to synchronize the answer
http://forum.pfsense.org/index.php/topic,38559.msg210340.html#msg210340

Hi, sorry for this later testing.
I have figured out how to test it without upgrading to 2.1 in my production environment, and I am using two pfSense (Office 2.0.2 and Home 2.1).

The first phase 2 (Local LAN to Remote LAN) has no problems.
The second phase 2 (Local LAN to Remote DMZ) on the remote side of the VPN (the Office) gets up with no problems.
On the local box, on SPD I see:
10.0.3.0/24 192.168.28.0/24 >> (correct)
192.168.22.0/24 10.0.3.0/24 << (not correct, the 192.168.22.0 should be translated to 192.168.28.0/24 according to the "In case you need NAT/..." setting for this phase2.

Am I mistaking something or there is something else I should add?

Thanks,
Michele

Hi!
I have a same problem as Michele Di Maria. - Please reopen a ticket.

This is tested and working in several production networks, there are no confirmed issues currently. Please post in the forum to ensure that you do not have a configuration issue. If a bug can be confirmed there, a new ticket can be opened.