SNAT per tunnel interface for overlapping IPs in route-based VPN

Started by multazimd, Today at 08:02:31 PM

We have a requirement for route-based VTI with overlapping customer remote networks in different tunnels, to be routed to different applications at our end. To achieve this, we need to create unique tunnel interfaces per connection and have the ability to do SNAT on each tunnel interface so that we can differentiate the customers based on local networks.
 
Customer A Remote Network 192.168.0.0/24 -> SNAT in Customer A's VTI to VIP A -> Customer A's local app subnet
Customer A's local app subnet -> VIP A -> DNAT to Customer A Remote Network 192.168.0.0/24
 
Customer B Remote Network 192.168.0.0/24 -> SNAT in Customer B's VTI to VIP B -> Customer B's local app subnet
Customer B's local app subnet -> VIP B -> DNAT to Customer A Remote Network 192.168.0.0/24

How can we achieve this in OPNsense?