Policy/Source Routing problem

I have a setup like this:

RB1000 with RoS 5. Static IP and GW, One 192.168.1.0/24 network behind that gets
SNAT through RB1000.

RB433 with RoS 5. Dynamic IP. One 192.168.2.0/24 network behind that gets SNAT
through RB433.

RB433 connects through OpenVPN to RB1000 and has a small linknet 192.168.3.0/27.
Over this linknet 192.168.1.0/24 and 192.168.2.0/24 can communicate with each other.

So far so good.

What I want now is that the 192.168.2.0/24 network goes out over the OpenVPN tunnel and gets
NAT:ed by RB1000 instead. So the only traffic that goes out the normal way on RB433 is
the actual tunnel traffic.

I have done several setups with both routing marks and different tables but with no success.

Anyone made this that can give me some light on the subject?

Chris

/ip firewall mangle
add chain=prerouting src-address=192.168.2.0/24 action=mark-routing new-routing-mark=toVPN
/ip route
add dst-address=0.0.0.0/0 gateway=a.b.c.d routing-mark=toVPN

Of course that is without context of your current config, which we don’t know. The mangle rule must sit at an appropriate point in the rest of your mangle rules. The route should list the tunnel internal next hop as the gateway (the RB1000 IP on 192.168.3.0/27 - why a /27 for a P2P link?) and should have a lower AD than other static default routes.

Seems the mangle rule makes most of it. Now both networks can communicate and all traffic from 192.168.2.0/24 gets
routed over the tunnel. The problem is the traffic doesn’t seem to get NAT:ed successfully at the RB1000 end. I have a normal SNAT rule with 192.168.2.0/24 as the source and my external interfaces as outgoing interface and action masquerade. I made sniffing on the outside and I cannot see any packets there.

Christian

ADDED: Of course it works all the way. I fooled myself with the wrong outgoing interface. Thank you!
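The two halves of the setup that the thread converges on, written out as an added example (not configuration posted by anyone in the thread). It assumes the RB1000 holds 192.168.3.1 and the RB433 holds 192.168.3.2 on the linknet, that the RB433 LAN sits on ether2, and that the RB1000 WAN is ether1; the return route on the RB1000 for 192.168.2.0/24 via 192.168.3.2 is assumed to exist already, since the two LANs could reach each other before the change. The last lines are the checks that would have exposed the wrong out-interface on the RB1000 masquerade rule without sniffing.

```routeros
# ---- RB433 (branch, dynamic WAN) ----
/ip firewall mangle
# Mark only LAN-originated traffic arriving on ether2; the router's own
# OpenVPN packets never match src-address=192.168.2.0/24, so the tunnel
# itself keeps leaving via the normal default route.
# Traffic for the linknet is excluded so it is not sent "into" the tunnel twice.
add chain=prerouting in-interface=ether2 src-address=192.168.2.0/24 \
    dst-address=!192.168.3.0/27 action=mark-routing new-routing-mark=toVPN \
    passthrough=no comment="policy route LAN via RB1000"

/ip route
# Marked packets consult the toVPN table first; this default route sends them
# to the RB1000 end of the linknet (assumed address).
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=toVPN distance=1 \
    comment="default for toVPN-marked traffic"

# ---- RB1000 (hub, static WAN on ether1) ----
/ip firewall nat
# The masquerade must match the real egress interface. In the thread the
# rule was bound to the wrong out-interface, so nothing was translated.
add chain=srcnat src-address=192.168.2.0/24 out-interface=ether1 \
    action=masquerade comment="NAT branch LAN on hub WAN"

# ---- Checks (run on the RB1000 after sending traffic from 192.168.2.0/24) ----
# Confirm the route exists in the marked table on the RB433:
#   /ip route print detail where routing-mark=toVPN
# Watch the masquerade counters; a rule whose packet count stays at 0 while
# the branch is generating traffic points at a wrong out-interface or
# src-address before any sniffing is needed:
#   /ip firewall nat print stats
```

The `in-interface=ether2` match is the guard that matters most: without it a mark-routing rule on `src-address` alone can also catch packets that the RB433 receives back over the tunnel (for example replies addressed to a host that spoofs or shares that range), and the `dst-address=!192.168.3.0/27` exclusion keeps management traffic to the hub's linknet address on the direct path.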

Post the output of “/ip address print detail”, “/ip route print detail”, and “/ip firewall export” from the RB1000.