Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Policy based VPN with NAT on TNSR

    Scheduled Pinned Locked Moved
    TNSR
    2
    3
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      prasadpkulkarni
      last edited by

      Hi ,

      Is it possible to set Policy Based VPN on TNSR with Source NAT ( similar to PFSense ) ?

      also does route based VPN support source NAT for IPsec VPN ?

      Thanks in advance

      Regards,

      Prasad

      DerelictD 1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate @prasadpkulkarni
        last edited by

        @prasadpkulkarni said in Policy based VPN with NAT on TNSR:

        Hi ,

        Is it possible to set Policy Based VPN on TNSR with Source NAT ( similar to PFSense ) ?

        I assume you are referring to what is possible with OpenVPN, since NAT is not supported on IPsec VTI interfaces?

        No, policy-based routing is not currently supported.

        also does route based VPN support source NAT for IPsec VPN ?

        tnsr handles NAT differently than pfSense, operating on inside and outside interfaces and pools, instead of source addresses and outbound interfaces. I have not personally tried making an IPsec ipip interface a NAT outside interface but it seems like it could work. You can read all about NAT in tnsr here:

        https://docs.netgate.com/tnsr/en/latest/nat/index.html

        Thanks in advance

        Regards,

        Prasad

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 1
        • P
          prasadpkulkarni
          last edited by

          @Derelict

          Thanks for reply , I think I got answer for Policy Based VPN ( like PFSense) that it is not supported on TNSR

          What I am looking for is have NAT before IPSec due to overlapping of Private Network , is that possible ? the NAT document gives info related to NAT at interface level but not for what I am looking for ( IPSec ).

          Is there any reference documents for this ?

          Thanks

          1 Reply Last reply Reply Quote 0
          • First post
            Last post