Hi, I'm trying to create a net-to-net VPN.

{192.168.0.0/24}--[192.168.0.1]-VPN/INET-[192.168.1.1]--{192.168.1.0/24}
      LAN            GATEWAY               GATEWAY            LAN

Everything seems to be fine:

1. I'm able to ping 192.168.1.1 from 192.168.0.1 (so racoon has already established the tunnel).
2. I'm able to ping 192.168.0.1 from 192.168.1.1 (so both directions are OK).
3. If I try to ping 192.168.1.1 from 192.168.0.0/24, then racoon establishes the tunnel.
4. If I try to ping 192.168.0.1 from 192.168.1.0/24, then racoon establishes the tunnel.

But in cases 3 and 4 the client in the LAN does not get a reply to its request. As far as I can tell, the problem is the gateway of the LAN the client is in (so in case 3 the problem is 192.168.0.1). Also (in case 3) I noticed that the reply has been sent from 192.168.1.1 but it gets "lost" on 192.168.0.1.

So I added some rules to iptables on 192.168.0.1 and noticed that the packet traverses the PREROUTING chain in the mangle table but never traverses the PREROUTING chain in the nat table. I think it should, because of the packet flow (http://www.siliconvalleyccie.com/images/iptables.gif)?!?!?!

Why does this packet never traverse the PREROUTING chain in "nat" (and all other following chains)?

Any suggestions?

Daniel
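The following is an added illustration and is not part of Daniel's post. It models the netfilter traversal behaviour behind the observation above: connection tracking (conntrack) creates one entry per connection, the nat table is consulted only for the packet that creates that entry (state NEW), while the mangle and filter tables see every packet. A decrypted echo reply coming back through the tunnel belongs to the connection the client's echo request already created on the LAN gateway, so it skips nat PREROUTING by design. The model is a simplification: the IPsec decapsulation step and the ESP packets themselves are not modelled, the chain names are the real netfilter ones, and the addresses and the `Gateway`/`simulate_lan_ping` helpers are constructed for this example.

```python
"""Toy model of Linux netfilter table traversal for a forwarded ICMP flow.

Constructed illustration (not code from the forum post or from racoon/iptables):
a conntrack entry is created by the first packet of a connection; only that
packet visits the nat table.  Every packet visits mangle and filter.
"""
from dataclasses import dataclass

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    icmp_type: int
    icmp_id: int = 1          # constructed identifier so request/reply pair up


def conntrack_key(pkt):
    """Direction-independent key for an ICMP echo connection.

    The reply has src/dst swapped relative to the request, so we normalise it
    back to the originating direction before looking it up.
    """
    if pkt.icmp_type == ICMP_ECHO_REPLY:
        return (pkt.dst, pkt.src, "icmp", pkt.icmp_id)
    return (pkt.src, pkt.dst, "icmp", pkt.icmp_id)


class Gateway:
    """One netfilter host forwarding a packet between two interfaces."""

    def __init__(self, name):
        self.name = name
        self.conntrack = set()   # set of conntrack_key tuples

    def forward(self, pkt):
        """Return the ordered (table, chain) list a forwarded packet traverses."""
        key = conntrack_key(pkt)
        is_new = key not in self.conntrack
        visited = [("raw", "PREROUTING"), ("mangle", "PREROUTING")]
        # The conntrack lookup happens after raw/mangle PREROUTING; the nat
        # table is only consulted when the lookup finds no existing entry.
        if is_new:
            self.conntrack.add(key)
            visited.append(("nat", "PREROUTING"))
        visited += [("mangle", "FORWARD"), ("filter", "FORWARD"),
                    ("mangle", "POSTROUTING")]
        if is_new:
            visited.append(("nat", "POSTROUTING"))
        return visited


def simulate_lan_ping(gw, client, remote):
    """Client behind gw pings remote; returns the chains gw traverses for the
    outgoing request and for the incoming (already decrypted) reply."""
    request = Packet(src=client, dst=remote, icmp_type=ICMP_ECHO_REQUEST)
    reply = Packet(src=remote, dst=client, icmp_type=ICMP_ECHO_REPLY)
    return gw.forward(request), gw.forward(reply)


def hits_nat_prerouting(path):
    return ("nat", "PREROUTING") in path


if __name__ == "__main__":
    gw = Gateway("192.168.0.1")
    req_path, rep_path = simulate_lan_ping(gw, "192.168.0.10", "192.168.1.1")
    print("echo request on 192.168.0.1:", req_path)
    print("echo reply   on 192.168.0.1:", rep_path)
    print("reply visits nat PREROUTING:", hits_nat_prerouting(rep_path))
```

The practical consequence for troubleshooting is that a missing hit in nat PREROUTING for a reply packet is normal and is not where the packet is dropped; the reply still has to pass the filter FORWARD chain, so that chain and the routing decision are the places to log and inspect.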