Site to Site VPN IPSEC routing all traffic back through HQ

I have multiple pfSense boxes connected via IPSEC. It has now become necessary to route the remote offices through HQ for all web traffic. I have tried to set up NAT FW rules using the gateway that was set up in the IPSEC/VTI, but I seem to be missing something. (I watched your video on NAT/OPN VPN but no joy.)
I can ping the LAN on both sides, so the IPSec is working; it is just that my knowledge of NAT is not the best.

IPSec works completely differently from all other types of VPNs/tunnels. It basically steals any packet that matches the local and remote subnets right before the routing table would be consulted. I think your idea with NAT is going to be a real headache.

Instead, I suggest rebuilding with another VPN type (OpenVPN, WireGuard) and doing normal routing over the point-to-point tunnels.

