Enable NAT for VPN Client

I'm running a VPN client (openfortivpn) on my OpenWRT:

        "kernel": "5.15.25",
        "hostname": "FriendlyWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "FriendlyElec NanoPi R4S",
        "board_name": "friendlyelec,nanopi-r4s",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.0-rc1",
                "revision": "r19302-df622768da",
                "target": "rockchip/armv8",
                "description": "OpenWrt 22.03.0-rc1 r19302-df622768da"
        }

I'm running openfortivpn as a VPN client, which connects to the VPN server through a ppp1 interface. From the Router running OpenWrt, I can ping everything on the VPN server side, but not from my local network.

I would like to enable NAT from my local network to the VPN connection so that the VPN is extended to my clients.

I know that OpenWrt 22.03 has migrated to nftables, and I believe it also impacts on what I would like to reach (not an expert in iptables/nftables here).

Has anyone reached something similar to it, that could share some information that could be of help?

Tks

Hi,

No need to NAT anything.
Add your VPN interface to a VPN zone if not already done.
Then in the firewall, allow forwarding between the VPN zone and lan (and the reverse).

Also, you may need to push a route to your VPN client so they know about your LAN network. I don't know about openfortivpn, but usually you can "tell" your VPN client that 192.168.1.0/24 (your LAN network) can be reached through IP A.B.C.D (your OpenWrt IP in the VPN).

Thanks @dr191

Actually I was using the command line, and therefore the ppp1 interface wasn't being mapped to the zone.

After your suggestion I went back to LuCI and found a package named "luci-proto-openfortivpn", which did the same as I did on the command line and also mapped the VPN into a zone (I just attached it together with WAN and it started working as I wish).

Tks
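
The zone setup discussed in this thread, as an added example that is not from any of the posters: a dedicated `vpn` firewall zone for the tunnel rather than reusing `wan`. Attaching the interface to `wan` works because OpenWrt's default `wan` zone masquerades and already has a `lan` to `wan` forwarding; a separate zone gives the same result while keeping VPN policy independent of the Internet uplink. The logical interface name `fortivpn` is an assumption; use the name your openfortivpn interface has in `/etc/config/network`.

```uci
# /etc/config/firewall (fragment). Constructed example; 'fortivpn' is an
# assumed logical interface name defined in /etc/config/network.

# Dedicated zone for the tunnel instead of reusing 'wan'.
config zone
	option name 'vpn'
	list network 'fortivpn'
	option input 'REJECT'      # VPN-side hosts cannot reach services on the router
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'            # NAT LAN clients behind the tunnel address
	option mtu_fix '1'         # clamp TCP MSS to the PPP link MTU

# LAN clients may open connections into the VPN.
config forwarding
	option src 'lan'
	option dest 'vpn'

# Routed (no-NAT) variant described in the reply above: set masq '0',
# make sure the remote side has a route to the LAN subnet, and add the
# reverse direction:
# config forwarding
#	option src 'vpn'
#	option dest 'lan'
```

Apply the change with `/etc/init.d/firewall restart`.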
