IPSEC VPN Gateway

Started by green, March 07, 2025, 05:58:50 PM

Hello everyone.

I'm trying to set up IPSEC between two OPNSENSE nodes "A" and "B" (Route Based).
Node "A" has a static IP - "static-ip-a"
Node "B" has a static IP - "static-ip-b"
Phase 1 connections are working. The VPN tunnel is starting.

On node "A" the local network is 172.20.2.0/24, on node "B" the local network is 172.20.3.0/24. How can I make the clients of network "A" go to the Internet through the gateway of network "B"?

I want the external IP address of the clients of network "A" to be "static-ip-b".

Thank you for any help.
Andrey.

Policy route all upstream traffic from A to B.

At B you need to add an Outbound NAT rule on WAN for the subnets of A.

To catch upstream traffic only with the policy routing rule, it's good practice to create an RFC 1918 alias and add all private network ranges to it.
Use this alias in the policy routing rule as destination in conjunction with "invert" then. This way the rule matches any destination other than private networks.
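
The rule logic described in the reply above, modelled in Python as an added example (not part of the thread and not OPNsense code): it traces a packet from network "A" through the inverted RFC 1918 policy-routing rule and the outbound NAT rule on "B". The gateway name `IPSEC_VTI_GW`, the address `203.0.113.2` standing in for "static-ip-b", and the sample hosts are assumptions.

```python
import ipaddress

# RFC 1918 alias: all private ranges, as suggested in the reply.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LAN_A = ipaddress.ip_network("172.20.2.0/24")  # network "A" from the thread
STATIC_IP_B = "203.0.113.2"    # constructed stand-in for "static-ip-b"
TUNNEL_GW = "IPSEC_VTI_GW"     # hypothetical gateway name on node A


def in_alias(addr, alias):
    """True if addr falls inside any network of the alias."""
    return any(addr in net for net in alias)


def route_on_a(src, dst, invert_rfc1918=True):
    """Node A, LAN rule: source LAN_A, destination !RFC1918 -> tunnel gateway.

    With invert_rfc1918=False the rule behaves like destination "any".
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in LAN_A:
        return "routing-table"
    if invert_rfc1918 and in_alias(dst_ip, RFC1918):
        return "routing-table"     # private destinations skip the rule
    return TUNNEL_GW               # upstream traffic is policy-routed to B


def nat_on_b(src):
    """Node B, outbound NAT on WAN for the subnets of A."""
    if ipaddress.ip_address(src) in LAN_A:
        return STATIC_IP_B
    return None                    # other sources are not modelled here


def external_source(src, dst):
    """Source address an Internet host sees, or None if not sent upstream."""
    if route_on_a(src, dst) != TUNNEL_GW:
        return None
    return nat_on_b(src)


if __name__ == "__main__":
    client = "172.20.2.50"         # constructed client on network "A"
    for dst in ("8.8.8.8", "172.20.3.10", "172.20.2.1"):
        print(dst, route_on_a(client, dst), external_source(client, dst))
```
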