I have a rather simple question, to which I thought I knew the answer, but I'm stuck on it.
I have two linux boxes:
Server A:
- IP: 10.10.19.1/24
- Can contact 10.10.18.0/24 through an IPsec VPN (works fine)
- IP forwarding set to 1
Server B:
- IP: 10.10.19.55/24
- One route has been added to reach 10.10.18.0/24:
=> 10.192.18.0/24 via 10.192.19.1 dev ens8
Some facts:
- Server B and Server A can ping each other
- Server A can ping everything on 10.10.18.0/24
Problem: when I try to ping something in 10.10.18.0/24 from Server B, I can see the ping going through the IPsec VPN and coming back to Server A, but with the IP of Server B, and the packet is not forwarded.
For example, if I try to ping 10.10.18.113 from Server B and I capture ICMP on Server A, I see something like:
source: 10.10.19.55
dest: 10.10.18.113
type: request
then
source: 10.10.18.113
dest: 10.10.19.55
type: reply
It's great, but since Server A is 10.10.19.1, I think it does not know what to do with that packet, and it's not forwarded toward 10.10.19.55 (Server B) either.
I was sure it was something masquerade could do, so I tried:
iptables -t nat -A POSTROUTING -s 10.10.19.0/24 -j MASQUERADE
on Server A. I thought it would work, but when I set this masquerade rule it looks like it does not change anything at all.
What am I missing?
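As an added illustration (not part of the original question, and not an answer to it), here is a small POSIX shell helper for one check worth making on a setup like this: whether a given source address falls inside the src selector of the IPsec policy on Server A. On Linux policy-based IPsec the outbound xfrm lookup sees the packet's addresses as they are after POSTROUTING NAT, so both the pre-NAT source (10.10.19.55) and the post-MASQUERADE source (10.10.19.1) are worth testing. The policy text in the block is constructed sample output in the format of `ip xfrm policy`; the selector `src 10.10.19.1/32`, the tunnel endpoints and the reqid are assumptions, not values taken from the question.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether an address
# lies inside the src selector of an IPsec "dir out" policy.

# ip4_to_int ADDR: dotted quad -> integer (via awk, no bitwise ops needed)
ip4_to_int() {
    echo "$1" | awk -F. '{ printf "%d\n", ($1*16777216)+($2*65536)+($3*256)+$4 }'
}

# cidr_contains CIDR ADDR: prints "yes" if ADDR is inside CIDR, else "no".
# A bare address (no "/bits") is treated as a /32 host selector.
cidr_contains() {
    net=${1%/*}; bits=${1#*/}
    [ "$bits" = "$1" ] && bits=32
    n=$(ip4_to_int "$net"); a=$(ip4_to_int "$2")
    # Two addresses share a /b prefix when they agree after dropping the
    # low (32-b) bits, i.e. integer division by 2^(32-b) gives the same value.
    awk -v n="$n" -v a="$a" -v b="$bits" 'BEGIN {
        if (int(n / 2^(32-b)) == int(a / 2^(32-b))) print "yes"; else print "no"
    }'
}

# Constructed sample in `ip xfrm policy` format (assumed values): one
# outbound tunnel-mode policy on Server A whose src selector is only
# Server A's own address, not the whole 10.10.19.0/24.
SAMPLE_POLICY='src 10.10.19.1/32 dst 10.10.18.0/24
	dir out priority 1000
	tmpl src 203.0.113.1 dst 198.51.100.1
		proto esp reqid 1 mode tunnel'

# policy_src_covers ADDR: prints "yes" if any policy's src selector in
# SAMPLE_POLICY covers ADDR, else "no". On a real host you would feed it
# the output of `ip xfrm policy` instead of the sample.
policy_src_covers() {
    addr=$1
    # selector lines start at column 0 ("src X dst Y"); tmpl lines are indented
    for sel in $(printf '%s\n' "$SAMPLE_POLICY" | awk '/^src /{print $2}'); do
        if [ "$(cidr_contains "$sel" "$addr")" = yes ]; then
            echo yes
            return 0
        fi
    done
    echo no
    return 1
}

# Demo: the forwarded source and the post-MASQUERADE source, side by side
for a in 10.10.19.55 10.10.19.1; do
    printf 'src %-12s covered by out-policy: %s\n' "$a" "$(policy_src_covers "$a")"
done
```

With the sample selector only the post-NAT source 10.10.19.1 is covered; if the real policy on Server A looks like that, a packet from 10.10.19.55 would never be selected for the tunnel at all, and a MASQUERADE rule that does apply would hide 10.10.19.55 from the far side. Replace SAMPLE_POLICY with the real `ip xfrm policy` output to test the actual selectors.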