diff --git a/Dockerfile b/Dockerfile
index 07e3095..c07a7db 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,6 +12,7 @@ ENV OPENVPN_OPTS=
 ENV CONNECTION_TYPE=tcp
 ENV LAN_NETWORK=
 ENV CREATE_TUN_DEVICE=
+ENV ENABLE_MASQUERADE=true
 ENV OVPN_CONFIGS=
 ENV ENABLE_KILL_SWITCH=true
 HEALTHCHECK --interval=60s --timeout=10s --start-period=30s CMD curl -s https://api.surfshark.com/v1/server/user | grep '"secured":true'
diff --git a/README.md b/README.md
index c09a85b..b4b6f1b 100644
--- a/README.md
+++ b/README.md
@@ -31,6 +31,7 @@ The container is configurable using 5 environment variables:
 |CONNECTION_TYPE|No|The connection type that you want to use: tcp, udp|
 |LAN_NETWORK|No|Lan network used to access the web ui of attached containers. Can be comma seperated for multiple subnets Comment out or leave blank: example 192.168.0.0/24|
 |CREATE_TUN_DEVICE|No|Creates the TUN device, useful for NAS users|
+|ENABLE_MASQUERADE|No|Masquerade NAT allows you to translate multiple IP addresses to another single IP address. Usefull when using KASM Workspaces VPN Sidecar.|
 |OVPN_CONFIGS|No|Manually provide the path used to read the "Surfshark_Config.zip" file (contains Surshark's OpenVPN configuration files)
 |ENABLE_KILL_SWITCH|No|Enable the kill-switch functionality
diff --git a/docker-compose.yml b/docker-compose.yml
index c58e9eb..5e2490f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,7 @@ services:
 - SURFSHARK_CITY=mil
 - CONNECTION_TYPE=udp
 - LAN_NETWORK=192.168.0.0/24 #Optional - Used to access attached containers web ui
+ - ENABLE_MASQUERADE=true #Optional - Masquerade NAT allows you to translate multiple IP addresses to another single IP address. Usefull when using KASM Workspaces VPN Sidecar.
 cap_add:
 - NET_ADMIN
 devices:
diff --git a/startup.sh b/startup.sh
index da6eac6..0642257 100644
--- a/startup.sh
+++ b/startup.sh
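Review bot: In the Dockerfile hunk, `ENV ENABLE_MASQUERADE=true` switches source NAT on for every existing deployment on the next image pull, while the README row added in the same commit presents it as an optional setting aimed at the KASM sidecar case. The neighbouring optional switches (`LAN_NETWORK=`, `CREATE_TUN_DEVICE=`) default to empty, and an opt-in default keeps the container from translating addresses for traffic it was never meant to forward. I would ship `ENV ENABLE_MASQUERADE=` and keep `- ENABLE_MASQUERADE=true` in docker-compose.yml as the documented way to turn it on.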
@@ -32,6 +32,12 @@ if [ "${CREATE_TUN_DEVICE}" = "true" ]; then
 chmod 0666 /dev/net/tun
 fi
+# Enable NAT w MASQUERADE mode
+if [ "${ENABLE_MASQUERADE}" = "true" ]; then
+ echo "Enabling IP MASQUERADE using IP Tables"
+ iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
+fi
+
 openvpn --config $VPN_FILE --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS --script-security 2 --up /vpn/sockd.sh
 if [ "${ENABLE_KILL_SWITCH}" = "true" ]; then
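Review bot: The added `iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE` is never checked, so if it fails (for example when the container lacks NET_ADMIN or the nat table is unavailable) the log already says "Enabling IP MASQUERADE" and the script goes on to start openvpn with no rule in place. Reporting the failure makes that state visible: `iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE || echo "Failed to add MASQUERADE rule" >&2`. Because `-A` appends unconditionally, a rerun of startup.sh in a network namespace that still holds the rule would add a duplicate; prefixing the call with `iptables -t nat -C POSTROUTING -o tun+ -j MASQUERADE 2>/dev/null ||` keeps it idempotent. The rule also translates any source address leaving a tun interface, so if only the sidecar network is meant to be covered, a `-s` match would narrow it; the hunk gives no subnet to use for that.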