How to portforward over ipsec vpn

arrcy

I successfully setup a IPsec vpn using this guide https://www.youtube.com/watch?v=-GrWSnKnwgU with:

SiteA
LAN 10.0.0.1
Lan 2
Lan 3

SiteB
Lan1
Lan 2 192.168.2.1
Lan 3

I want incoming connections on siteA:766
to be port forwarded to 192.168.2.100:766 over the ipsec tunnel

preferably i also want Lan 3 and lan 1 also be able to access
10.0.0.1 without adding extra ipsec configuration but using
outbound NAT

---

it's been very hard to set this up and and im stuck, i tried so many things
any help will be highly appricate it

viragomann

@arrcy said in How to portforward over ipsec vpn:

I want incoming connections on siteA:766
to be port forwarded to 192.168.2.100:766 over the ipsec tunnel

Across a policy-based IPSec, this is only gonna to work if you either do masquerading on site B LAN2 with an outbound NAT rule or if you route the whole upstream traffic from B over A. The latter might not be desirable, I guess, the former has the drawback that you loose the information about the origin source IP.

It would work without this limitations with any other kind of VPN: routed IPSec, OpenVPN, Wireguard

preferably i also want Lan 3 and lan 1 also be able to access
10.0.0.1 without adding extra ipsec configuration but using
outbound NAT

Just add a phase 2 for each subnet pair, you want to connect.
LAN1 <> 10.0.0.0/24
LAN3 <> 10.0.0.0/24
Remember, that you have to add these p2 with exchanged local - remote networks.