Hi, I’m looking for a virtual firewall to take the place of the native AWS VPN functionality.
The reason I’m looking for this is that AWS VPNs don’t allow NAT and our customer is using the same network ranges as we are.
What I would like is for the customer to connect to a range of IP addresses that we offer through the VPN, the traffic to arrive and then get translated to the actual addresses of the AWS instances, with the responses appearing to come from the NAT addresses.
I’m new to IPFire and I’d like to know if this is possible before jumping in.
The list of issues is long, but here is, in my opinion, the most important one:
It is confusing. Although not a technical issue, this is causing chaos in your documentation which you now cannot share with the other side and you will just end up with loads of configuration issues - which will be security issues in the end.
You will have to translate addresses twice. Once when you send packets and once when they come back in. That means you see them with different IP addresses in different stages of the firewall engine. Maybe this goes back to reason number one, but there are too many chances to get it wrong.
Since I do not know much about your environment (size, how long would it take and what else is being affected) I cannot really tell you to change it. But if there is any chance, then do it. Otherwise I can recommend that you contact me through Lightning Wire Labs and I can help you configure this on the console with IPFire and set up the rest of the VPN.
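Added example, not code from this thread or from IPFire: a small Python model of the double translation the reply describes, using constructed ranges (10.0.0.0/24 on both sides, 172.16.0.0/24 offered to the customer, 172.17.0.0/24 as our alias for the customer) to show the addresses one flow carries at each stage of the firewall and why the reply must be translated back.

```python
"""Model of 1:1 address translation over a VPN whose remote range
overlaps our own. All ranges are constructed for illustration."""
import ipaddress

REAL_NET = ipaddress.ip_network("10.0.0.0/24")          # our instances
CUSTOMER_NET = ipaddress.ip_network("10.0.0.0/24")      # their LAN, same range
OFFERED_NET = ipaddress.ip_network("172.16.0.0/24")     # how they reach us
CUSTOMER_ALIAS = ipaddress.ip_network("172.17.0.0/24")  # how we see them


def netmap(addr, src_net, dst_net):
    """1:1 prefix rewrite (NETMAP style): keep host bits, swap network bits."""
    a = ipaddress.ip_address(addr)
    if a not in src_net:
        raise ValueError(f"{a} is not in {src_net}")
    return str(dst_net.network_address + (int(a) - int(src_net.network_address)))


def inbound(pkt):
    """Packet arriving from the VPN: rewrite dst to the real instance and
    src to the customer alias, so nothing in our LAN collides with it."""
    return {"src": netmap(pkt["src"], CUSTOMER_NET, CUSTOMER_ALIAS),
            "dst": netmap(pkt["dst"], OFFERED_NET, REAL_NET)}


def outbound(pkt):
    """Reply leaving towards the VPN: the exact inverse of inbound()."""
    return {"src": netmap(pkt["src"], REAL_NET, OFFERED_NET),
            "dst": netmap(pkt["dst"], CUSTOMER_ALIAS, CUSTOMER_NET)}


def trace(customer_host, offered_host):
    """Return the same flow as seen at each stage of the firewall."""
    from_vpn = {"src": customer_host, "dst": offered_host}
    to_instance = inbound(from_vpn)
    from_instance = {"src": to_instance["dst"], "dst": to_instance["src"]}
    to_vpn = outbound(from_instance)
    return {"from_vpn": from_vpn, "to_instance": to_instance,
            "from_instance": from_instance, "to_vpn": to_vpn}


def round_trip_ok(customer_host, offered_host):
    """The customer must see the reply come from the address it sent to."""
    t = trace(customer_host, offered_host)
    return t["to_vpn"]["src"] == offered_host and t["to_vpn"]["dst"] == customer_host


if __name__ == "__main__":
    for stage, pkt in trace("10.0.0.50", "172.16.0.10").items():
        print(f"{stage:14} {pkt['src']:>12} -> {pkt['dst']}")
```

Each stage prints a different source/destination pair for the same connection, which is the documentation and rule-ordering pitfall the reply warns about.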