I'm attempting to connect two networks with identical LANs through an IPSec VPN as the attached image.
RUT 950A: Router 192.168.140.253, LAN 192.168.140.0/24, WAN 192.168.55.50
RUT 950B: Router 192.168.140.253, LAN 192.168.140.0/24, WAN 192.168.55.51
Both RUT950s are loaded with RUT9XX_R_00.06.08.5 firmware.
Because of the overlapping subnets I've been trying to remap each RUT950 LAN to a new IP range using custom firewall rules and have added static routes.
RUT 950A
iptables -t nat -A postrouting_lan_rule -s 192.168.140.0/24 -j SNAT --to-source 192.169.140.0
iptables -t nat -I prerouting_lan_rule -d 192.169.140.0/24 -j DNAT --to-destination 192.168.140.0
RUT950B
iptables -t nat -A postrouting_lan_rule -s 192.168.141.0/24 -j SNAT --to-source 192.169.141.0
iptables -t nat -I prerouting_lan_rule -d 192.169.141.0/24 -j DNAT --to-destination 192.168.141.0
I've configured the systems as below and can ping between 192.168.55.50 and 192.168.55.51, so the VPN is up, but I can't ping between the two LANs (The Enable check box is set when the system is running)
I've had a look at the 'Enable_IPsec_WebUI' traffic rule and the extra arguments make reference to the ipsec policy (-m policy --dir in --pol ipsec), I'm guessing that my configuration so far needs to reference this policy some how.
Any suggestions gratefully accepted.
