Hello Everyone,
i've a Challenge, but i've no idea, how i can do it.
So, before i begin, a little bit of explain:
Lan1 192.168.1.0/24 - Router - Provider Public IP
Lan2 192.168.2.0/24 - Router
I am using an Netgear R7000
So, now we came to the Challenge:
Traffic from LAN1 should be natted behind the Public IP. (Ok, this is quiet
normal)
Traffic from the Internet to the Public IP should be completely forwarded to a Host in LAN1, i.e. some
other Router (192.168.1.254)
Ok, this was the simple Part, so now we came to the hard one.
On the Router should be running a IPsec Client (prefered IKEv2 i.e.
strongswan) witch gets an dynamic IP-Adress (i.e. 10.3.1.2/32)
Traffic from LAN2 should be natted behind the dynamic IPsec Client Adress and
completely forwarded to the IPsec Tunnel, so that the connection to the
Internet moves over the IPsec Tunnel.
LAN1 - NAT Behind Public IP -> Internet
Internet - Public IP -> forward to 192.168.1.254
LAN2 - NAT Behind IPsec —- Forward to the IPsec Tunnel -> Internet
So the Traffic from LAN2 should always moves Over IPsec to the Internet
The Traffic from LAN1 should always moves over the IP-Adress from the
Provider.
Connection to the Providers IP-Adress should always be forwarded to another
Router
So what is the Use for?
The Goal is to use with VPN-Providers, such as hidemyass and hide.me, but if
you have several other IPSec Tunnels, i.e. to your company they should move
the normal way, because IPsec in IPsec is bad.
Any Ideas?