Enable NAT for VPN Client

I'm running a VPN client (openfortivpn) on my OpenWrt:

        "kernel": "5.15.25",
        "hostname": "FriendlyWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "FriendlyElec NanoPi R4S",
        "board_name": "friendlyelec,nanopi-r4s",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.0-rc1",
                "revision": "r19302-df622768da",
                "target": "rockchip/armv8",
                "description": "OpenWrt 22.03.0-rc1 r19302-df622768da"

I'm running openfortivpn as a VPN client, which connects to the VPN server through a ppp1 interface. From the Router running OpenWrt, I can ping everything on the VPN server side, but not from my local network.

I would like to enable NAT from my local network to the VPN connection so that the VPN is extended to my clients.

I know that OpenWrt 22.03 has migrated to nftables, and I believe it also impacts on what I would like to reach (not an expert in iptables/nftables here).

Has anyone achieved something similar who could share some information that could be of help?



No need to NAT anything.
Add your VPN interface to a VPN zone if not already done.
Then in the firewall, allow forwarding between the VPN zone and lan (and the reverse).

Also, you may need to push a route to your VPN client so they know about your LAN network. I don't know about openfortivpn, but usually you can "tell" your VPN client that (your LAN network) can be reached through IP A.B.C.D (your OpenWrt IP in the VPN).

Thanks @dr191

Actually, I was using the command line and therefore the ppp1 interface wasn't being mapped to the zone.

After your suggestion I got back to LuCI and I could find a package named "luci-proto-openfortivpn", which did the same as I did on the command line and also mapped the VPN into a zone (I just attached it together with WAN and it started working as I wish).
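
The zone setup discussed in this thread, written out as an added example (not taken from any of the posters): a dedicated firewall zone for the tunnel instead of reusing the wan zone, so that forwarding into the VPN is an explicit rule of its own. The zone name `vpn` is an assumption, and `ppp1` is the interface name from the question.

```uci
# /etc/config/firewall (added example; the zone name 'vpn' is an assumption)

# Dedicated zone for the tunnel. 'list device' matches the raw ppp1
# interface, which is what exists when openfortivpn is started by hand
# and no OpenWrt network interface is defined for it. When the tunnel is
# managed through luci-proto-openfortivpn, use 'list network' with the
# logical interface name instead.
config zone
	option name 'vpn'
	list device 'ppp1'
	# Nothing on the VPN side may open connections to the router itself.
	option input 'REJECT'
	option output 'ACCEPT'
	# No forwarding inside the zone; forwarding is granted per rule below.
	option forward 'REJECT'
	# Masquerade LAN traffic behind the router's tunnel address. This is
	# what the default wan zone does, and it is only required when the
	# VPN side has no route back to the LAN subnet. Set to '0' when such
	# a route exists.
	option masq '1'
	option mtu_fix '1'

# LAN clients may open connections into the VPN.
config forwarding
	option src 'lan'
	option dest 'vpn'

# The reverse direction lets hosts behind the VPN reach the LAN. Enable it
# only if that is actually required.
#config forwarding
#	option src 'vpn'
#	option dest 'lan'
```

Apply the change with `/etc/init.d/firewall reload`. Compared with attaching the tunnel to the wan zone, this keeps the VPN rules separate from the Internet-facing ones, so either can be tightened without affecting the other.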