1:1 NAT / Port Forward Over Site-Site VPN


  • I have been having trouble achieving the following.

    Site A:
    WAN IP: 1.1.1.1 (1.1.1.2 - 1.1.1.4)
    LAN IP: 10.10.10.1

    Site B:
    WAN IP: 2.2.2.2
    LAN IP: 10.10.20.1

    Site A and Site B have been set up with IPsec.

    Is it possible for me to forward the traffic going to Site A (1.1.1.2) to a server inside Site B (e.g. 10.10.20.55)?

    Internet --> (Site A) 1.1.1.2 --> (Site B) 10.10.20.55

  • Rebel Alliance Developer Netgate

    That isn't possible with IPsec, unless on the Phase 2, the site A side is defined as 0.0.0.0/0 to send all traffic back over IPsec (at least from a source of 10.10.20.55).

    It's possible with OpenVPN and has been described several times around the forum and mailing list. It requires assigning the OpenVPN interface and moving some rules around but it works fine.
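
The Phase 2 constraint described in the reply above can be seen in a simplified model of policy-based IPsec selector matching. This is an added example, not code from the thread or from pfSense. The /24 prefix lengths and the Internet client 203.0.113.7 are assumptions; the thread gives only the LAN gateway addresses.

```python
import ipaddress

SITE_B_NET = "10.10.20.0/24"   # assumed prefix length for Site B's LAN
CLIENT = "203.0.113.7"         # constructed Internet client address
SERVER = "10.10.20.55"         # server inside Site B, from the thread


def matches(selectors, src, dst):
    """True if src->dst falls inside any (local_net, remote_net) Phase 2 pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
        for local, remote in selectors
    )


def trace(site_a_net):
    """Follow one forwarded connection for a given Site A side of the Phase 2.

    Returns (forward_path, reply_path). Selectors are mirrored: each
    firewall lists (its own network, the peer's network).
    """
    site_a_selectors = [(site_a_net, SITE_B_NET)]
    site_b_selectors = [(SITE_B_NET, site_a_net)]

    # After the port forward on Site A the packet is CLIENT -> SERVER.
    forward = "ipsec" if matches(site_a_selectors, CLIENT, SERVER) else "not tunneled"
    # The server's reply is SERVER -> CLIENT, evaluated on Site B.
    reply = "ipsec" if matches(site_b_selectors, SERVER, CLIENT) else "site B WAN"
    return forward, reply


if __name__ == "__main__":
    for site_a_net in ("10.10.10.0/24", "0.0.0.0/0"):
        forward, reply = trace(site_a_net)
        print(f"Site A side {site_a_net}: forward={forward}, reply={reply}")
```

With the LAN-to-LAN Phase 2, the client's public source address matches no selector in either direction, so the reply would leave through Site B's own WAN instead of returning via 1.1.1.2.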