I am facing problems with IKEv2 routing and cannot figure out the issue. There are three players in my setup.
IKEv2 client (let us call it client - C).
Currently on macOS.
Router A) IKEv2 provider
VPN pool: 192.168.167.10-50/24
EOIP IP: 172.16.99.1
headquarters office, SAP, mail etc.
EOIP IP: 172.16.99.2
Server room at a provider, for special technology related servers (controls manufacturing processes)
(A) and (B) are EOIP linked over the Internet. All devices in network (A) has access to (B). Perfect, lightning fast, works like magic. Routes seems fine as 192.168.168.100 is able to reach 172.23.210.100 without issues. Client (C) is able to connect (A) via IKEv2. Receives address from the pool fine. Routes are passed and can be listed. (C) is able to ping and reach everything in area (A). However it cannot reach area (B) addresses. No icmp, neither tcp, nothing.
Other clients connecting via OVPN (using the same VPN address pool) are able to reach site (B).
Is there anything special I need to setup for IKEv2? Firewall rules or routes?
Interestingly IKE clients do not create any ARP record. Should they?
I am not really familiar how IPSEC works in its deep logic. Where are the packets decrypted? Immediately on router (A) or somehow they are routed directly to router (B) which cannot process it? If so what is the workaround?
Thanks for the help.