diff --git a/bin/gateway_init.sh b/bin/gateway_init.sh
index 957bda9..53d7f5f 100755
--- a/bin/gateway_init.sh
+++ b/bin/gateway_init.sh
@@ -38,7 +38,13 @@ if ! ip rule | grep -q "from all lookup main suppress_prefixlength 0"; then
 fi
 
 # Enable outbound NAT
-iptables -t nat -A POSTROUTING -j MASQUERADE
+if [[ -n "$SNAT_IP" ]]; then
+ echo "Enable SNAT"
+ iptables -t nat -A POSTROUTING -o "$VPN_INTERFACE" -j SNAT --to "$SNAT_IP"
+else
+ echo "Enable Masquerading"
+ iptables -t nat -A POSTROUTING -j MASQUERADE
+fi
 
 if [[ -n "$VPN_INTERFACE" ]]; then
 # Open inbound NAT ports in nat.conf
diff --git a/config/settings.sh b/config/settings.sh
index a7164cc..409c9f7 100755
--- a/config/settings.sh
+++ b/config/settings.sh
@@ -45,3 +45,6 @@ GATEWAY_ENABLE_DNSSEC=true
 
 # If you use nftables for iptables you need to set this to yes
 IPTABLES_NFT=no
+
+# Set to WAN/VPN IP to enable SNAT instead of Masquerading
+SNAT_IP=""
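Review bot: The SNAT branch is gated only on `SNAT_IP`, but the rule it installs also needs `-o "$VPN_INTERFACE"`, and the `if [[ -n "$VPN_INTERFACE" ]]` test right below shows that variable may be empty. With `SNAT_IP` set and `VPN_INTERFACE` empty, the iptables call is likely rejected or not bound to the intended interface, so the gateway can come up with no working outbound NAT. I would gate on both, `if [[ -n "$SNAT_IP" && -n "$VPN_INTERFACE" ]]; then`, and either fall back to MASQUERADE or abort with an error on stderr when only `SNAT_IP` is set. Unlike the old blanket MASQUERADE, the new rule leaves egress on any other interface untranslated, which deserves a comment such as `# SNAT covers only traffic leaving $VPN_INTERFACE; other egress is not translated`. Writing the option as `--to-source` would also read more clearly than `--to`.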
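Review bot: The comment on `SNAT_IP` does not state the two conditions an operator needs to know before setting it. From the gateway_init.sh hunk, the SNAT rule is bound to `VPN_INTERFACE`, and SNAT in general only works when the address is actually assigned to that interface and stays fixed. A value that is stale or not on the interface would presumably break return traffic without any error at startup. I would document it as `# Static source IP on VPN_INTERFACE for SNAT; requires VPN_INTERFACE to be set.` followed by `# Leave empty to masquerade (use this when the VPN address is dynamic).`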