SNAT over IPSEC

aedaxus2 · 16 December 2022 15:36

Hello,

I tried searching the documentation (and the forums)but nothing appear to come close to my question.

I need to source NAT GREEN over IPSEC. The other side will do the same.
Is this possible?

GREEN : 10.9.147.0/24

IPSEC to New Destination (192.168.1.0/24) <–> (192.168.2.0/24)

The thing is I can set up the IPSEC and just change the “Local subnet” field (from 10.9.147.0/24 to 192.168.1.0/24) but is this supported?
I can even set up the SNAT as a firewall rule ; but will this work? Source GREEN, NAT 'use NAT, option Source NAT, but then… no option to select the IPSec subnet… Destination would be IPSec Networks (testVPN) Protocol can be all, doesn’t matter much.

Does IPFire support SNAT to connect over IPSEC or is this an advanced feature only specific firewalls support?

(here is a link to how another firewall system should be configured. Just in case the actual question wasn’t clear; IPSec BINAT (NAT before IPSec) — OPNsense documentation)

aedaxus2 · 31 December 2022 10:07

@ms Do you know if IPFire supports the SNAT over IPSec?

aedaxus2 · 17 January 2023 19:30

I will assume it does not work as it’s been quite some time now and no replies. For that customer I’ll use another firewall solution, kinda sad but it is what it is.

cfusco · 18 January 2023 10:56

My guess is that no one reading this forum has knowledge of what you are asking. Keep in mind that IPFIre is Linux with iptables and IPSec is also taken from the upstream development source. Likely it can do what you are asking. However, I do not know how to do that. Possibly, such a solution needs entering configuration settings in the console and would not be supported by the Web User Interface.