The HQ device is connected to the Internet using a leased line (private IP addresses on both ends). The public IP assigned by the ISP is configured as an “additional IP” on the WAN interface. We were trying to use this public IP as the PepVPN peer address from the HQ side.
We noticed that the handshake uses this IP (it is actually configured on the branch devices' VPN profile as the remote peer address), but when UDP traffic starts, the HQ device uses the WAN interface IP (private) as the source, not the public IP. The only way to solve this was by configuring a NAT mapping rule where outbound traffic from the WAN interface address is src-NATted to the public IP.
Is there a better solution?