Cloud-native doesn’t always mean cloud-managed. Managed gateways promise a “set-and-forget” experience, but they often fall short when you need fine-grained control for complex site-to-site integrations. By combining Linux networking with StrongSwan IPsec, you can build a custom egress point that performs Source Network Address Translation (SNAT) before encryption. This approach not only reduces costs, it also gives you the visibility and control that managed services usually hide.

The "Hidden" Cost of Cloud Networking

Cloud providers like AWS and Azure make it easy to start, but "managed" services come with a heavy tax:

- Managed Private NAT Gateway: ~$32/month + $0.045 per GB processed.
- VPN Gateway: ~$36/month + data transfer fees.

The Problem: If you have 50 instances in a private subnet, the partner network on the other side of the VPN usually doesn't want to whitelist 50 different IP addresses. They want only one trusted IP.…
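
A sketch of the SNAT-before-encryption idea described above, added here as an illustration and not taken from the article: it builds the single SNAT rule and checks which tunnel traffic selector still matches a packet once its source has been translated. The subnets, the SNAT address and the function names are all constructed assumptions.

```shell
#!/bin/sh
# Added illustration; every address below is constructed, none is from the article.
PRIVATE_SUBNET="10.0.1.0/24"    # private subnet holding the instances (assumed)
PARTNER_NET="192.168.50.0/24"   # partner network behind the tunnel (assumed)
SNAT_IP="10.255.0.1"            # the single address the partner trusts (assumed)

ip_to_int() {                   # dotted quad -> integer
  old_ifs=$IFS; IFS=.
  set -- $1                     # split the address on dots
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {                     # in_cidr IP CIDR: succeeds if IP is inside CIDR
  net=${2%/*}; bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

snat_rule() {                   # the rule to load on the gateway (needs root to apply)
  echo "iptables -t nat -A POSTROUTING -s $PRIVATE_SUBNET -d $PARTNER_NET -j SNAT --to-source $SNAT_IP"
}

post_nat_source() {             # post_nat_source SRC DST: source address after POSTROUTING
  if in_cidr "$1" "$PRIVATE_SUBNET" && in_cidr "$2" "$PARTNER_NET"; then
    echo "$SNAT_IP"
  else
    echo "$1"
  fi
}

# SNAT runs before encryption, so the IPsec policy sees the translated packet:
# the tunnel's local traffic selector (local_ts in swanctl.conf) must cover SNAT_IP.
tunnel_matches() {              # tunnel_matches SRC DST LOCAL_TS
  in_cidr "$(post_nat_source "$1" "$2")" "$3" && in_cidr "$2" "$PARTNER_NET"
}

snat_rule
for ts in "$SNAT_IP/32" "$PRIVATE_SUBNET"; do
  if tunnel_matches 10.0.1.17 192.168.50.10 "$ts"; then
    echo "local_ts=$ts: encrypted"
  else
    echo "local_ts=$ts: no policy match"
  fi
done
```

The second loop iteration shows the common misconfiguration: a selector written for the original private subnet no longer matches once the source has been rewritten, so the traffic never enters the tunnel.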