I tried everything, again, this time with firmware 7.1.4, but didn't get further - I can access devices placed in RUT X11's LAN from VPN side but can't access RUT X11's webinterface via VPN from VPN side...
But our situation is a little bit different than in described tutorials:
We don't have two RUTs both with same LAN IP range.
We have N RUTs all with same LAN IP address range, that all are connected via one central IPSec gateway from another vendor.
So I tried to modificate the tutorial for our needs, which means I applied the described configurations only to RUT and modified the needed netmap configurations in a way that reflects, what is routed via gateway (in our case not another /24 LAN segment, but a bigger IP range like x.y.0.0/16).
So where in the example it was like
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -d 192.168.4.0/24 -j NETMAP --to 192.168.3.0/24
iptables -t nat -I PREROUTING -s 192.168.4.0/24 -j NETMAP --to 192.168.1.0/24
instead I configured
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -d x.y.0.0/16 -j NETMAP --to 192.168.3.0/24
iptables -t nat -I PREROUTING -s x.y.0.0/16 -j NETMAP --to 192.168.1.0/24
Since generally IPsec tunnel works and netmapping also works, where is the point that should be made different?
Did I make a mistake with netmapping or has the routing update be made different?
Has anybody some clue? Thank you!