Channel: EdgeRouter topics

IPSec terminated with virtual IP

Hello community.

I would like to use IPSec without NAT (to avoid NAT traversal on my side, keep it simple) in my specific network configuration.

On the interface facing my internet provider, I have a DHCP-assigned private IP (172.16.30.46). This IP address is bound to me and does not change over time.

My provider set a route for some public IP addresses (/29 mask) via this IP address. You can imagine a simple route:
Route add 1.1.1.0/29 next hop 172.16.30.46

Those IP addresses are subject to NAT and I am using them for public services, without any problem.

But I am not able to use those IP addresses for IPSec if I want to avoid NAT traversal, because IPSec needs to be bound to the outgoing interface with a specific IP address.

Does anyone know a way to set a public IP (1.1.1.3) on the EdgeRouter "internally" and use it for IPSec communication, without wasting any other address of the range?
I have tried to set the address 1.1.1.3/32 on the loopback, but it fails on commit when I try to use this IP address as the local address for the IPSec peer (site-to-site VPN).

Thanks

JR.

