Topic: NAT over IPSEC VPN (Read 2088 times)
jjoseph (Newbie, Posts: 4, Karma: 0)
NAT over IPSEC VPN « on: March 02, 2023, 03:19:09 pm »
Hello everyone. Hope you are all having a good day today. I need some help with an issue I am trying to get going. I have a requirement to set up an IPSEC VPN (site to site) and do NAT'ing across from the remote site to the main site. We are going to have a lot of VPNs coming into the main site, and we need to NAT the remote sites' traffic coming in.
In my example here, I have a remote site with a 192.168.10.0/24 network, and I need to NAT that traffic to be 172.16.10.0/24 as it leaves the OPNsense box and goes across the VPN to the main site. I have tried several things, but cannot seem to get this to work. Any help would be appreciated on how to do this.
atom (Full Member, Posts: 207, Karma: 4)
Re: NAT over IPSEC VPN « Reply #1 on: March 02, 2023, 03:39:49 pm »
Hi,
Have you seen the documentation on this yet?
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-binat.html
Regards,
atom
jjoseph (Newbie, Posts: 4, Karma: 0)
Re: NAT over IPSEC VPN « Reply #2 on: March 02, 2023, 05:21:02 pm »
Thank you for that link. I did try that, and it did not work for me. After I configured that very thing, I did a tracert and it appeared to go out to the internet instead of across the VPN, seeing that the first hop was the internal IP of the OPNsense box and the second was the public IP next hop from the firewall. Is there anything else that has to be configured with this?
atom (Full Member, Posts: 207, Karma: 4)
Re: NAT over IPSEC VPN « Reply #3 on: March 02, 2023, 06:21:45 pm »
Is 172.16.10.0/24 your transfer network? What is the third network?
jjoseph (Newbie, Posts: 4, Karma: 0)
Re: NAT over IPSEC VPN « Reply #4 on: March 02, 2023, 09:17:18 pm »
172.16.10.0/24 is the "NAT to" address range. Where 192.168.10.0/24 is the "to be NATed" address range. The main site is 192.168.1.0/24.
mimugmail (Hero Member, Posts: 6766, Karma: 494)
Re: NAT over IPSEC VPN « Reply #5 on: March 02, 2023, 09:43:17 pm »
So, client with 192.168.10 wants to reach .1 and source should be natted to 172?
Then you need a Phase 2 for 172 to 192.168.1, add 192.168.10.0/24 to SPD in P2 and an outbound nat, interface ipsec, source 192.168.1, destination. 10., translated 172.x
« Last Edit: March 03, 2023, 06:21:00 am by mimugmail »
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
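Added example, not part of any post in this thread and not OPNsense code: a simplified Python model of the setup discussed above (Phase 2 for 172.16.10.0/24 to 192.168.1.0/24, a manual SPD entry for 192.168.10.0/24, and 1:1 NAT on the IPsec interface). It assumes the policy lookup happens on the original source address before translation; the function names and the sample host addresses are constructed for illustration.

```python
import ipaddress as ip

# Addressing plan from the thread.
REAL_LAN = ip.ip_network("192.168.10.0/24")   # remote site's real LAN
NAT_NET = ip.ip_network("172.16.10.0/24")     # "NAT to" range
MAIN_SITE = ip.ip_network("192.168.1.0/24")   # main site LAN


def binat(src, real=REAL_LAN, nat=NAT_NET):
    """1:1 translate src from `real` into `nat`, keeping the host bits."""
    src = ip.ip_address(src)
    if src not in real:
        return src
    offset = int(src) - int(real.network_address)
    return nat.network_address + offset


def matches(spd, src, dst):
    """True if any (local, remote) selector pair covers the packet."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    return any(src in local and dst in remote for local, remote in spd)


def route(src, dst, spd):
    """Model the outbound path: policy lookup on the original source,
    then NAT on the IPsec interface, then a check against Phase 2."""
    if not matches(spd, src, dst):
        # No policy covers the packet: it follows the default route, untranslated.
        return ("default-route", ip.ip_address(src))
    translated = binat(src)
    if not matches([(NAT_NET, MAIN_SITE)], translated, dst):
        return ("dropped", translated)  # no negotiated Phase 2 for this source
    return ("tunnel", translated)


# Policy table with only the negotiated Phase 2, and with the manual SPD entry added.
PHASE2_ONLY = [(NAT_NET, MAIN_SITE)]
WITH_MANUAL_SPD = PHASE2_ONLY + [(REAL_LAN, MAIN_SITE)]

if __name__ == "__main__":
    for name, spd in (("phase 2 only", PHASE2_ONLY),
                      ("with manual SPD", WITH_MANUAL_SPD)):
        print(name, route("192.168.10.25", "192.168.1.50", spd))
```

In this model, a packet from the real LAN only enters the tunnel once the policy table also lists 192.168.10.0/24; without that entry it takes the default route with its original source address.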
jjoseph (Newbie, Posts: 4, Karma: 0)
Re: NAT over IPSEC VPN « Reply #6 on: March 02, 2023, 10:40:49 pm »
I'll give that a try. Thank you.