IPSEC and subnets

Started by ckdre, March 25, 2025, 02:17:40 PM

Good morning,
I need to replace an old Fortigate device that's connected with an IPSEC VPN to a remote router.
First I need to specify that I don't have any access or rights to modify any parameter of the remote router.
My LAN has subnet 192.168.1.0/24, but the remote IPSEC config requires a subnet 10.20.30.0/24.
I checked the old Fortigate setup, and to solve this problem it has a "virtual IP" configuration, where the subnet 10.20.30.0 is NATed 1:1 to 192.168.1.0.

Is there a way to do it with OPNsense? I mean, can I use the subnet 10.20.30.0/24 to connect the IPSEC VPN but make the traffic on the interface with subnet 192.168.1.0/24 go through the VPN?


I hope I explained myself clearly

Cristian

What you're looking for is described here in the Docs:
IPSec - BINAT (NAT before IPSec)