Hello, I'm using strongSwan to make a VPN and need to NAT a virtual LAN. The real LAN is 192.168.8.0/24, the LAN IP is 192.168.8.1, and the device to be reached is 192.168.8.10.
My virtual LAN should be 11.0.0.16/28, and it's specified in my ipsec.conf file (the tunnel is up and working), but traffic is not correctly routed. I think I should add a rule like this:
iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -j SNAT --to-source 11.0.0.16
I can see it, but it seems traffic is not routed to the host:
iptables -L -vn; iptables -t nat -L -vn; iptables -t mangle -L -nv
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1 76 SNAT all -- * * 192.168.8.0/24 0.0.0.0/0 to:11.0.0.16
0 0 SNAT all -- * * 192.168.8.0/24 0.0.0.0/0 to:11.0.0.16
0 0 SNAT all -- * * 192.168.8.0/24 0.0.0.0/0 to:11.0.0.16
5 422 postrouting_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom postrouting rule chain */
0 0 zone_lan_postrouting all -- * br-lan 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
4 304 zone_wan_postrouting all -- * eth0.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 SNAT all -- * * 192.168.8.0/24 0.0.0.0/0 to:11.0.0.16
How can I debug and troubleshoot this scenario?
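
Added example, not part of the original post: a shell/awk check that reads an iptables -vn chain listing and reports every rule that repeats an earlier one. SNAT is a terminating target, so only the first matching rule in a chain is applied and later copies (each -A appends another) keep 0-packet counters. The function names are hypothetical and the sample input is constructed from the listing quoted above.

```shell
#!/bin/sh
# Added example (not from the original post): find repeated rules in an
# `iptables -t nat -L POSTROUTING -vn` listing.

# Constructed sample: the POSTROUTING listing quoted in the post.
sample_listing() {
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1 76 SNAT all -- * * 192.168.8.0/24 0.0.0.0/0 to:11.0.0.16
0 0 SNAT all -- * * 192.168.8.0/24 0.0.0.0/0 to:11.0.0.16
0 0 SNAT all -- * * 192.168.8.0/24 0.0.0.0/0 to:11.0.0.16
5 422 postrouting_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom postrouting rule chain */
0 0 zone_lan_postrouting all -- * br-lan 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
4 304 zone_wan_postrouting all -- * eth0.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 SNAT all -- * * 192.168.8.0/24 0.0.0.0/0 to:11.0.0.16
EOF
}

# Reads a chain listing on stdin. For each rule whose spec (everything
# after the pkts/bytes counters) already appeared earlier, prints:
#   <rule number> <number of first occurrence> <pkts> <spec>
duplicate_rules() {
    awk '
        # Skip the chain header, the column header and blank lines.
        /^Chain / || $1 == "pkts" || NF < 3 { next }
        {
            n++                       # position of this rule in the chain
            spec = $3
            for (i = 4; i <= NF; i++) spec = spec " " $i
            if (spec in first)
                print n, first[spec], $1, spec
            else
                first[spec] = n
        }
    '
}

# On a live system, feed it the real chain instead of the sample:
#   iptables -t nat -L POSTROUTING -vn | duplicate_rules
sample_listing | duplicate_rules
```

On the sample it reports rules 2, 3 and 7 as copies of rule 1, all with 0 packets; a repeated rule can be removed by position with iptables -t nat -D POSTROUTING <number>.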