Topic: NAT ipsec VPN tunnel (Read 557 times)
tstaba, on: July 30, 2024, 08:46:03 am
Hi guys,
New to OPNsense here. I have a new client that is using OPNsense. On my side I have a Sophos XG appliance.
The issue is that the customers from before are using the same local subnet as this new customer.
We need to create a NAT VPN tunnel.
New customer (Customer A) is using the 192.168.0.0/21 subnet.
That interferes with the already existing 192.168.0.0/24 on another customer.
We would like to use the 172.24.0.0/24 subnet to connect to the new customer.
Bear in mind, there are already circa 80 hosts in this 192.168.0.0/21 subnet.
We need to be able to access those clients with their existing IP addresses (for example 192.168.6.12) through the VPN tunnel.
Can anyone help?
advanced-user, Reply #1 on: August 29, 2024, 10:07:13 am
Dear tstaba,
What you need to do is to use subnets for the unique routing between both sites, with so far unused subnets.
So e.g. for Site A you need to imagine 192.168.6.0/24 is e.g. 192.168.20.0/24 (but only for the transfer via IPsec, and vice versa). So for Site A use, for example, 192.168.20.0/24 and for Site B 192.168.21.0/24.
In OPNsense you then need to BINAT your IPsec traffic. In the IPsec config you need to assign these subnets as local and remote network: on Site A, local: 192.168.20.0/24, remote: 192.168.21.0/24; and on Site B, local: 192.168.21.0/24, remote: 192.168.20.0/24.
Via BINAT you need to SNAT (NETMAP) your client IP (192.168.6.x) to the fake net (192.168.20.x). This will then be routed via IPsec.
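The 1:1 prefix translation described in the reply above, sketched as an added example (not part of the original posts and not OPNsense code). The helper names `netmap` and `conflicts` are hypothetical, and 172.24.0.0/21 is a constructed value showing that a 1:1 mapping needs equally sized networks; all other addresses come from the thread.

```python
import ipaddress

def netmap(addr, from_net, to_net):
    """1:1 prefix translation (BINAT/NETMAP style): keep host bits, swap the prefix."""
    src = ipaddress.ip_network(from_net)
    dst = ipaddress.ip_network(to_net)
    if src.prefixlen != dst.prefixlen:
        raise ValueError(f"{src} and {dst} differ in size; a 1:1 map needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in src:
        raise ValueError(f"{ip} is not inside {src}")
    host_bits = int(ip) & int(src.hostmask)
    return str(ipaddress.ip_address(int(dst.network_address) | host_bits))

def conflicts(candidate, in_use):
    """Return the networks in in_use that overlap the candidate network."""
    cand = ipaddress.ip_network(candidate)
    return [n for n in in_use if cand.overlaps(ipaddress.ip_network(n))]

# Addresses taken from the thread
CUSTOMER_LAN = "192.168.0.0/21"   # new customer's real LAN
EXISTING = ["192.168.0.0/24"]     # subnet already used by another customer
REAL_24 = "192.168.6.0/24"        # slice of the LAN used in the reply
FAKE_24 = "192.168.20.0/24"       # transfer ("fake") net from the reply
WANTED = "172.24.0.0/24"          # transfer net proposed in the question
WIDE = "172.24.0.0/21"            # constructed: same size as the /21 LAN

if __name__ == "__main__":
    # Why NAT is needed at all: the real LAN collides with an existing subnet.
    print("real LAN conflicts with:", conflicts(CUSTOMER_LAN, EXISTING))
    # A transfer net must not collide with anything already routed.
    print("transfer net conflicts with:", conflicts(FAKE_24, [CUSTOMER_LAN] + EXISTING))
    # Outbound (source) translation and the reverse direction of the same mapping.
    print("192.168.6.12 ->", netmap("192.168.6.12", REAL_24, FAKE_24))
    print("192.168.20.12 ->", netmap("192.168.20.12", FAKE_24, REAL_24))
    # A /21 cannot be mapped 1:1 onto a /24.
    try:
        netmap("192.168.6.12", CUSTOMER_LAN, WANTED)
    except ValueError as exc:
        print("rejected:", exc)
    # With an equally sized transfer net every host keeps its low 11 bits.
    print("192.168.6.12 ->", netmap("192.168.6.12", CUSTOMER_LAN, WIDE))
```

The translated network, not the real LAN, is what goes into the IPsec local/remote network fields on each side, as the reply describes.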