<![CDATA[How to portforward over ipsec vpn]]>I successfully setup a IPsec vpn using this guide https://www.youtube.com/watch?v=-GrWSnKnwgU with:

SiteA
LAN 10.0.0.1
Lan 2
Lan 3

SiteB
Lan1
Lan 2 192.168.2.1
Lan 3

I want incoming connections on siteA:766
to be port forwarded to 192.168.2.100:766 over the ipsec tunnel

preferably i also want Lan 3 and lan 1 also be able to access
10.0.0.1 without adding extra ipsec configuration but using
outbound NAT

it's been very hard to set this up and and im stuck, i tried so many things
any help will be highly appricate it

]]>https://forum.netgate.com/topic/190712/how-to-portforward-over-ipsec-vpnRSS for NodeWed, 13 May 2026 13:12:43 GMTWed, 30 Oct 2024 02:11:32 GMT60<![CDATA[Reply to How to portforward over ipsec vpn on Wed, 30 Oct 2024 13:15:47 GMT]]>@arrcy said in How to portforward over ipsec vpn:

I want incoming connections on siteA:766
to be port forwarded to 192.168.2.100:766 over the ipsec tunnel

Across a policy-based IPSec, this is only gonna to work if you either do masquerading on site B LAN2 with an outbound NAT rule or if you route the whole upstream traffic from B over A. The latter might not be desirable, I guess, the former has the drawback that you loose the information about the origin source IP.

It would work without this limitations with any other kind of VPN: routed IPSec, OpenVPN, Wireguard

preferably i also want Lan 3 and lan 1 also be able to access
10.0.0.1 without adding extra ipsec configuration but using
outbound NAT

Just add a phase 2 for each subnet pair, you want to connect.
LAN1 <> 10.0.0.0/24
LAN3 <> 10.0.0.0/24
Remember, that you have to add these p2 with exchanged local - remote networks.

]]>https://forum.netgate.com/post/1189576https://forum.netgate.com/post/1189576Wed, 30 Oct 2024 13:15:47 GMT