diff -Nur smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40snatVPN smeserver-openvpn-s2s-0.1_mod/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40snatVPN
--- smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40snatVPN 1970-01-01 01:00:00.000000000 +0100
+++ smeserver-openvpn-s2s-0.1_mod/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40snatVPN 2011-06-01 20:16:11.000000000 +0200
@@ -0,0 +1,8 @@
+
+ # Will handle SNAT for Site to Site VPN
+ /sbin/iptables --table nat --new-chain SnatVPN
+ /sbin/iptables --table nat --new-chain SnatVPN_1
+ /sbin/iptables --table nat --append SnatVPN -j SnatVPN_1
+ /sbin/iptables --table nat --append POSTROUTING \
+ --out-interface tun+ -j SnatVPN
+
diff -Nur smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSnatVPN smeserver-openvpn-s2s-0.1_mod/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSnatVPN
--- smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSnatVPN 1970-01-01 01:00:00.000000000 +0100
+++ smeserver-openvpn-s2s-0.1_mod/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSnatVPN 2011-06-01 20:22:39.000000000 +0200
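Review bot: The only comment in 40snatVPN does not say why an empty `SnatVPN_1` chain is created and made rule 1 of `SnatVPN`. From the 90adjustSnatVPN fragment in the same patch it appears to be the placeholder that `get_safe_id SnatVPN nat find` locates and `--replace SnatVPN 1` swaps out. A line such as `# SnatVPN_1 is an empty placeholder; 90adjustSnatVPN replaces rule 1 of SnatVPN with the generated chain` would make that dependency visible to whoever edits either fragment.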
@@ -0,0 +1,27 @@
+{
+ my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s');
+
+ # Find the current SnatVPN_$$ chain, and create a new one.
+ $OUT .=<<'EOF';
+ OLD_SnatVPN=$(get_safe_id SnatVPN nat find)
+ NEW_SnatVPN=$(get_safe_id SnatVPN nat new)
+ /sbin/iptables --table nat --new-chain $NEW_SnatVPN
+EOF
+
+ foreach my $vpn ($ovpndb->get_all_by_prop(type=>('client')),
+ $ovpndb->get_all_by_prop(type=>('server'))){
+ $OUT .= " /sbin/iptables --table nat --append \$NEW_SnatVPN --out-interface tun" . $vpn->key .
+ " -s " . $vpn->prop('LocalIP') . " -j SNAT --to-source $InternalInterface{'IPAddress'}\n"
+ if (($vpn->prop('SnatOutbound') || 'yes') =~ m/(yes|enabled)/i);
+ }
+
+ # Having created a new SnatVPN chain, activate it and destroy the old.
+ $OUT .=<<'EOF';
+ /sbin/iptables --table nat --replace SnatVPN 1 \
+ --jump $NEW_SnatVPN
+ /sbin/iptables --table nat --flush $OLD_SnatVPN
+ /sbin/iptables --table nat --delete-chain $OLD_SnatVPN
+EOF
+
+}
+
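Review bot: In the `foreach` loop, `$vpn->key` and `$vpn->prop('LocalIP')` are concatenated straight into an iptables command line of the generated masq script, with no check that they are defined or well-formed. An entry with no LocalIP produces `-s  -j SNAT`, and whatever text is stored in the openvpn-s2s database lands unquoted in a script that presumably runs as root. Add a guard before the `$OUT .=` statement, e.g. `next unless ($vpn->prop('LocalIP') || '') =~ m/^\d{1,3}(?:\.\d{1,3}){3}$/;`, with a matching check on the key for whatever format tunnel ids are expected to have. The SnatOutbound test `m/(yes|enabled)/i` is also unanchored, so a value that merely contains one of those words enables the rule; `m/^(yes|enabled)$/i` is stricter. Separately, `open_ro` is not checked, so a missing database would likely abort expansion of the whole masq template on the next method call.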