I have an iOS Phone that connects via IKEv2 to the main router.
The router has a Site 2 Site VPN connection via Routing-Mark in Mangle.
I see this Road Warrior trying to connect to the VPN through the correct interface, so it seems the Mangle rules for routing-mark are applied correctly.
However, it has the source address of the IKEv2 pool (192.168.200.199/32), which is different from the main LAN subnet (192.168.1.0/24) and thus not recognized by the remote VPN site (192.168.2.0/24).
Is there any way to masquerade the traffic from IKEv2 that goes to the VPN?
I tried a generic masquerade but it didn't work, and a src-nat didn't either.
Traffic never reaches these rules...
7 chain=srcnat action=src-nat to-addresses=192.168.1.250 src-address=192.168.200.199 dst-address=192.168.2.0/24 log=no log-prefix=""
8 chain=srcnat action=masquerade src-address=192.168.200.199 dst-address=192.168.2.0/24 log=no log-prefix=""
Any tip for this?