Re: Help on traffic rules on vpn ipsec
Helpful, by Flamba 2020/01/08 03:05:16
1- overload will do nicely. It maps the source addresses to the address(es) in the IP pool in a round robin fashion. In fact, as ShawnZA has mentioned, one single address in the pool will do. Just reserve it on your side so that it isn't used by a host.
In the outbound policy (LAN -> tunnel), check "enable NAT", "dynamic pool" and select the IP pool.
Make sure that on the WG side the source addresses allowed match your setting.
Note that traffic from FGT to WG will work fine, with reply traffic routed back to the host behind the FGT. But in the other direction, from WG to FGT, you cannot use the fake addresses as destinations - you cannot initiate connections from the WG side.
Lastly, do NOT check "port forward" in the NAT settings in the policy unless you have to! In port forwarding, you cannot use ping to test the connection.
Ede "Kernel panic: Aiee, killing interrupt handler!"
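The overload pool and the outbound policy described above, as an added FortiOS CLI example that is not part of the original post. The pool name, the single reserved address 10.99.0.1, the interface names and the address objects are assumptions; substitute your own.

```fortios
# Added example: one reserved address in an overload pool, so all LAN hosts
# are translated to it (round robin / port overload) before entering the tunnel
config firewall ippool
    edit "vpn-nat-pool"
        set type overload
        set startip 10.99.0.1
        set endip 10.99.0.1
    next
end

# Outbound policy LAN -> tunnel: "enable NAT" + "dynamic pool" in the GUI
# correspond to "set nat enable" and "set ippool enable" here.
# No fixed-port or port-forward options are set, so ICMP (ping) still works.
config firewall policy
    edit 0
        set name "LAN-to-WG-tunnel"
        set srcintf "internal"
        set dstintf "WG-tunnel"
        set srcaddr "LAN-net"
        set dstaddr "WG-net"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "vpn-nat-pool"
    next
end
```

On the WatchGuard side the allowed local/remote address pair must then be 10.99.0.1 (or the pool range) rather than the real LAN subnet, and, as the post notes, only FGT-side hosts can initiate connections.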