Project

General

Profile

Actions
Copy link

Bug #3198

closed

IPSEC, when nating to a different size subnet a invalid natting rule is made.

Added by Pi Ba over 12 years ago. Updated over 11 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
2.2
Start date:
09/14/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:
All

Description

IPSEC, when nating to a different size subnet a invalid natting rule is made.

Reproducable with these phase2 settings:
Local: 192.168.1.0/24
NAT/BINAT: 172.16.44.0/28
Remote: 20.0.0.0/24

[ There were error(s) loading the rules: /tmp/rules.debug:66: binat source mask and redirect mask must be the same - The line in question reads [66]: binat on enc0 from 192.168.1.0/24 to 20.0.0.0/24 -> 172.16.44.0/28]

Also a localnet of 0.0.0.0 and natting that to a subnet generates no rule at all..
Also disabled ipsec rules still generate nat rules..

This can be fixed by: https://github.com/pfsense/pfsense/pull/784

Actions
Copy link

Also available in: Atom PDF