I'm using source and destination NAT in my configuration. I'm encountering an unpredictable problem.
Situation:
PC1 ----> EdgeRouter ER-8 (V1.9.0) ----> OpenVPN server ----> PC2
PC1: 192.168.0.11
EdgeRouter: 192.168.0.254
PC2: 10.0.0.30
Source NAT to translate internal 192.168.0.x address to 172.16.0.x address
For ICMP traffic the source NAT doesn't work (not visible in the counter either)
For HTTP traffic the source NAT works perfectly (the counter increases)
I checked the firewall, the traffic is being accepted.
Sometimes when I save a rule without a change, or change something like the rule order in the configuration, it suddenly works. But after a reboot it's not working anymore.
Parts of the config:
nat {
    rule 1 {
        description Router
        destination {
            address 172.16.0.1
            group {
            }
        }
        inbound-interface vtun0
        inside-address {
            address 192.168.0.254
        }
        log disable
        protocol all
        source {
            group {
                network-group VPN
            }
        }
        type destination
    }
    rule 2 {
        description PAS1
        destination {
            address 172.16.0.10
            group {
            }
        }
        inbound-interface vtun0
        inside-address {
            address 192.168.0.11
        }
        log disable
        protocol all
        source {
            group {
                network-group VPN
            }
        }
        type destination
    }
    rule 5000 {
        description PAS1
        destination {
            group {
                network-group VPN
            }
        }
        log enable
        outbound-interface vtun0
        outside-address {
            address 172.16.0.10
        }
        protocol all
        source {
            group {
                address-group PAS1
            }
        }
        type source
    }
    rule 5001 {
        description EdgeRouter
        destination {
            group {
                network-group VPN
            }
        }
        log disable
        outbound-interface vtun0
        outside-address {
            address 172.16.0.1
        }
        protocol all
        source {
            address 192.168.0.254
        }
        type source
    }
    rule 5002 {
        description "Masquerade for WAN"
        log disable
        outbound-interface eth0
        protocol all
        source {
            group {
                network-group Internet_access
            }
        }
        type masquerade
    }
}
address-group PAS1 {
    address 192.168.0.11
    description ""
}
network-group VPN {
    description "VPN network group"
    network 10.0.0.0/16
}
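As an added example that is not part of the post (nor EdgeOS code), the following Python script parses the brace-style EdgeOS/Vyatta config as it was pasted flat above into nested dicts and flattens each NAT rule into the fields one checks when a translation is not being applied (type, interface, match, translated address, logging). The sample input is the post's own NAT and group sections, transcribed verbatim; the function names and the dict layout are this example's own choices.

```python
"""Added example (not from the post): parse an EdgeOS/Vyatta-style brace config pasted
flat on a forum into nested dicts and summarise the NAT rules it contains."""
import re

# Sample input: the NAT and group sections quoted in the post, flattened onto one
# line exactly as the forum rendered them (constructed from the post, not captured).
CONFIG_TEXT = (
    "nat { rule 1 { description Router destination { address 172.16.0.1 group { } } "
    "inbound-interface vtun0 inside-address { address 192.168.0.254 } log disable protocol all "
    "source { group { network-group VPN } } type destination } "
    "rule 2 { description PAS1 destination { address 172.16.0.10 group { } } inbound-interface vtun0 "
    "inside-address { address 192.168.0.11 } log disable protocol all "
    "source { group { network-group VPN } } type destination } "
    "rule 5000 { description PAS1 destination { group { network-group VPN } } log enable "
    "outbound-interface vtun0 outside-address { address 172.16.0.10 } protocol all "
    "source { group { address-group PAS1 } } type source } "
    "rule 5001 { description EdgeRouter destination { group { network-group VPN } } log disable "
    "outbound-interface vtun0 outside-address { address 172.16.0.1 } protocol all "
    "source { address 192.168.0.254 } type source } "
    'rule 5002 { description "Masquerade for WAN" log disable outbound-interface eth0 protocol all '
    "source { group { network-group Internet_access } } type masquerade } } "
    'address-group PAS1 { address 192.168.0.11 description "" } '
    'network-group VPN { description "VPN network group" network 10.0.0.0/16 }'
)

# Tokens: a double-quoted string (may contain spaces), a brace, or a bare word.
_TOKEN = re.compile(r'"[^"]*"|\{|\}|[^\s{}]+')


def _unquote(tok):
    return tok[1:-1] if len(tok) >= 2 and tok[0] == tok[-1] == '"' else tok


def _parse_block(tokens, i):
    """Parse from index i up to the matching '}' and return (dict, next index).
    Handles `key { ... }`, `key name { ... }` (e.g. rule 1), `key value`, and a bare
    `key` right before '}'. A bare keyword directly followed by a named node is
    ambiguous in the flattened form and is not handled; this config has none."""
    node, n = {}, len(tokens)
    while i < n:
        tok = tokens[i]
        if tok == "}":
            return node, i + 1
        if tok == "{":
            raise ValueError("unexpected '{' at token %d" % i)
        nxt = tokens[i + 1] if i + 1 < n else None
        nxt2 = tokens[i + 2] if i + 2 < n else None
        if nxt == "{":                          # unnamed node: destination { ... }
            child, i = _parse_block(tokens, i + 2)
            node[tok] = child
        elif nxt2 == "{" and nxt != "}":        # named node: rule 5000 { ... }
            child, i = _parse_block(tokens, i + 3)
            node.setdefault(tok, {})[_unquote(nxt)] = child
        elif nxt in (None, "}"):                # bare keyword leaf
            node[tok] = None
            i += 1
        else:                                   # key value leaf
            node[tok] = _unquote(nxt)
            i += 2
    raise ValueError("unbalanced braces: missing '}'")


def parse_config(text):
    tokens = _TOKEN.findall(text) + ["}"]       # sentinel closes the implicit top level
    node, i = _parse_block(tokens, 0)
    if i != len(tokens):
        raise ValueError("unbalanced braces: extra '}'")
    return node


def _group_ref(match):
    """Render a `group { address-group X }` match as 'address-group X', else None."""
    group = match.get("group") or {}
    for kind in ("address-group", "network-group", "port-group"):
        if group.get(kind):
            return "%s %s" % (kind, group[kind])
    return None


def nat_rules(cfg):
    """One flat record per NAT rule, ordered by rule number."""
    rules = []
    for number, body in sorted(cfg.get("nat", {}).get("rule", {}).items(), key=lambda kv: int(kv[0])):
        src, dst = body.get("source", {}), body.get("destination", {})
        rules.append({
            "rule": int(number),
            "type": body.get("type"),
            "description": body.get("description"),
            "interface": body.get("inbound-interface") or body.get("outbound-interface"),
            "protocol": body.get("protocol"),
            "log": body.get("log"),
            "source": src.get("address") or _group_ref(src),
            "destination": dst.get("address") or _group_ref(dst),
            "translate_to": (body.get("inside-address") or body.get("outside-address") or {}).get("address"),
        })
    return rules


def rules_without_logging(cfg):
    """Rule numbers with logging off: a match on these leaves no log line to correlate against."""
    return [r["rule"] for r in nat_rules(cfg) if r["log"] != "enable"]


if __name__ == "__main__":
    for r in nat_rules(parse_config(CONFIG_TEXT)):
        print(r)
```

Running the script prints one record per rule; rule 5000 is the only one with logging enabled, which is consistent with the post seeing a counter for HTTP on that rule and nothing logged for the others.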