Hero Image
VPN fortigate - OPNSense behind NAT

Overview In this article, I document the process of building a site-to-site IPsec VPN between a FortiGate firewall with a public IP address and an OPNsense firewall located behind NAT. This scenario is common in real-world environments where one side of the tunnel is hosted behind an ISP router or does not have a stable public IP address. The configuration shown here works reliably by combining IKEv2, pre-shared keys, and Peer ID–based authentication.

Monday, January 5, 2026 Read
Hero Image
Introduction

I’m a systems administrator with a strong focus on Linux infrastructure, networking, and automation. I work primarily with servers, virtualization, and cloud-adjacent environments, always aiming for setups that are simple, secure, and reproducible. My background includes designing and managing KVM/libvirt environments, building Terraform-based infrastructure, hardening systems with Ansible, and implementing secure access patterns such as bastion hosts, network segmentation, and controlled SSH access. I’m comfortable working close to the operating system: debugging issues at the shell level, reading logs, and understanding what the system is actually doing — not just what a dashboard claims.

Sunday, January 4, 2026 Read