I tried searching the documentation (and the forums)but nothing appear to come close to my question.

I need to source NAT GREEN over IPSEC. The other side will do the same.
Is this possible?


IPSEC to New Destination ( <–> (

The thing is I can set up the IPSEC and just change the “Local subnet” field (from to but is this supported?
I can even set up the SNAT as a firewall rule ; but will this work? Source GREEN, NAT 'use NAT, option Source NAT, but then… no option to select the IPSec subnet… Destination would be IPSec Networks (testVPN) Protocol can be all, doesn’t matter much.

Does IPFire support SNAT to connect over IPSEC or is this an advanced feature only specific firewalls support?

(here is a link to how another firewall system should be configured. Just in case the actual question wasn’t clear; IPSec BINAT (NAT before IPSec) — OPNsense documentation)

@ms Do you know if IPFire supports the SNAT over IPSec?

I will assume it does not work as it’s been quite some time now and no replies. For that customer I’ll use another firewall solution, kinda sad but it is what it is.

My guess is that no one reading this forum has knowledge of what you are asking. Keep in mind that IPFIre is Linux with iptables and IPSec is also taken from the upstream development source. Likely it can do what you are asking. However, I do not know how to do that. Possibly, such a solution needs entering configuration settings in the console and would not be supported by the Web User Interface.