Good morning,
I need to preplace an old Fortigate device that's connected with an IPSEC vpn to a remote router.
First I need to specify that I can't have any access or right to modify any parameter of the remote router.
My lan has subnet 192.168.1.0/24, but the remote ipsec config require a subnet 10.20.30.0/24.
I checked the old Fortigate setup, and to solve this problem it has a "virtual IP" configuration, where the subnet 10.20.30.0 is nat 1-1 on 192.168.1.0.
There is a way to do it with OpnSense? I mean, can I use the subnet 10.20.30.0/24 to connect the IPSEC vpn but makes the traffic on interface with subnet 192.168.1.0/24 go through vpn?
I hope I explained myself clearly
Cristian
What you're looking for is described here in the Docs:
IPSec - BINAT (NAT before IPSec) (https://docs.opnsense.org/manual/how-tos/ipsec-s2s-binat.html)