Using public IP-s over IPSEC


I have a bit silly question. I have 2 Opnsense firewall. One has 2 WAN connections (both having 5 public IPs) and another has WAN with 1 public IP (this number can’t be extended). Both FW-s are connected with IPSec and both LAN’s are visible to each other.

So my question is: can I do NAT from on of those 10 IPs to other LAN computer?

Any hints will be welcome…


In pfsense they have documentation on doing policy routing over IPSEC

I assume you can do this OPNSense as well.

Thanks, Tom
I have to do some minor adjustments to the configuration

Dear all,

I did the configuration changes. According to Wireshark the packets reach the proper server, but still I get time out
What I’m missing in my configuration?

You are going to have to explain the settings on pfsense, as we have nothing to go on

Post screenshots

There are two opnsense firewalls. Firewall A has 2 WAN connections and one LAN interface with subnet Firewall B has one WAN and one LAN with subnet
Between A and B is routed IPSEC tunnel, on both sides IPSEC interfaces, gateways and routing tables. Traffic from to works perfectly and vice versa. So there are no problems on those settings.

I create NAT:port Forward rules to Firewall A:

Destination is behind firewall B
It’s the view on Firewall A Rules: WAN:

Upper rule is created by me, second one automatically created by opnsense.
When I try to access both adresses via WAN, I get timeout.

Packet capture on tunnel interface on firewall B: