OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: pmladenov on March 09, 2021, 10:59:04 PM

Title: Source NAT rule for opnsense locally originated DNS/NTP traffic
Post by: pmladenov on March 09, 2021, 10:59:04 PM
That was supposed to be simple, but I still can't get it to work...

I have a very basic setup:

Site1 LAN <-> OPNsense-FW1 <-- VTI ipsec1000 --> OPNsense-FW2 <-> Site2 LAN

OPNsense-FW1 has a route to Site2 LAN via OPNsense-FW2 dev ipsec1000
OPNsense-FW2 has a route to Site1 LAN via OPNsense-FW1 dev ipsec1000

Hosts in Site1 LAN are able to communicate with hosts in Site2 LAN.

All I would like to accomplish is locally originated traffic from OPNsense-FW1 destined to Site2 LAN subnet to use its Site1 LAN IP address instead of the IP address of ipsec1000 interface.
I assume this is some kind of source NAT with the following logic:

SRC_IP=ipsec1000_IP, DST_IP=Site2 LAN
SRC_NAT_IP=Site1 LAN_IP,
outgoing interface ipsec1000

I tried the above with a couple of variations and none of them were working.
What am I missing here?

Regards,
Plamen
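As an added example (not part of the original post or the poster's own configuration): the rule logic described above, written as the pf `nat` rule that an OPNsense outbound NAT entry (Firewall > NAT > Outbound, in hybrid or manual mode) corresponds to. The addresses are placeholders; the post gives none.

```pf
# Added example, not from the original post. Placeholder values (assumptions):
#   Site1 LAN          = 192.0.2.0/24, FW1's Site1 LAN address = 192.0.2.1
#   Site2 LAN          = 198.51.100.0/24
#   VTI interface name = ipsec1000
#
# Match packets leaving through the VTI whose source is the VTI's own address,
# i.e. traffic originated by FW1 itself (LAN hosts transiting FW1 keep their own
# source and are not touched), and rewrite the source to the Site1 LAN address.
nat on ipsec1000 inet from (ipsec1000) to 198.51.100.0/24 -> 192.0.2.1
```

Checks worth doing on FW1 after applying the rule: `pfctl -sn | grep ipsec1000` confirms the rule was actually loaded on that interface; `pfctl -ss | grep 198.51.100` shows, for an active DNS or NTP connection, whether the state carries the translated source (192.0.2.1) or still the VTI address; `tcpdump -ni ipsec1000` shows the source address of the packets as they leave. Independently of NAT, `ping -S 192.0.2.1 198.51.100.10` (FreeBSD ping's `-S` selects the source address) tests whether replies to the Site1 LAN address come back over the tunnel at all, which depends on the route for Site1 LAN that FW2 already has.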