kwiatek1001r
New Member
Hello, we have a problem with the correct NAT of traffic in this case - WireGuard client VPN connection to networks reachable behind the IPSec VPN tunnel.
The 172.16.0.0/24 network is the client VPN address. It connects to a VPN server that has access to local VLANs 192.168.0.0/24, 192.168.10.0/24 - this traffic is carried out correctly. However, the WireGuard server itself also has an IPSec tunnel set up to the 10.168.106.0/24 network and traffic from 172.16.0.0/24 to this network does not work.
In the second phase of IPSec there is no client VPN class - 172.16.0.0/24 and I can't add it because I don't have access to the other side, so it can be done through NAT addressing 172.16.0.0/24 to any address that exists in the second phase, e.g. 192.168.10.250 if traffic is routed to 10.168.106.0/24.
Unfortunately, I don't know which iptables rules I should use to implement this.
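An added example, not part of the original post: a script that builds the SNAT and forwarding rules for the setup described above, and refuses to emit them if the chosen source address falls outside the phase-2 selector. The interface name `wg0` and the local selector `192.168.10.0/24` are assumptions; the script prints the rules unless `APPLY=1` is set.

```sh
#!/bin/sh
# Added example: source-NAT WireGuard clients into the IPsec phase-2 selector.
VPN_NET="172.16.0.0/24"       # WireGuard client range (from the post)
REMOTE_NET="10.168.106.0/24"  # network behind the IPsec tunnel (from the post)
SNAT_IP="192.168.10.250"      # address covered by phase 2 (from the post)
P2_LOCAL="192.168.10.0/24"    # assumed local phase-2 selector
WG_IF="wg0"                   # assumed WireGuard interface name

# Convert a dotted quad to an integer (runs in a subshell, so IFS stays local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# Succeeds when address $1 lies inside CIDR block $2.
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# Print the iptables commands, one per line.
build_rules() {
    # The IPsec policy is matched on the post-NAT source, so the SNAT
    # address must sit inside the local phase-2 selector.
    if ! in_cidr "$SNAT_IP" "$P2_LOCAL"; then
        echo "error: $SNAT_IP is outside phase-2 selector $P2_LOCAL" >&2
        return 1
    fi
    # Forward client traffic towards the tunnel, and only replies back.
    echo "iptables -I FORWARD 1 -i $WG_IF -s $VPN_NET -d $REMOTE_NET -j ACCEPT"
    echo "iptables -I FORWARD 1 -o $WG_IF -s $REMOTE_NET -d $VPN_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Position 1 keeps this ahead of any broader MASQUERADE rule.
    echo "iptables -t nat -I POSTROUTING 1 -s $VPN_NET -d $REMOTE_NET -j SNAT --to-source $SNAT_IP"
}

if [ "${APPLY:-0}" = 1 ]; then
    build_rules | sh -e       # needs root
else
    build_rules               # dry run: show what would be applied
fi
```

The SNAT address should not be in use by another host on that VLAN, since the remote side will see all client traffic as coming from it.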