So, I have three routers:
- RTR-A:
  - LAN subnet of 172.16.254.11/24 on Eth0
  - WAN subnet of 11.11.11.11/29
  - IPsec tunnel to RTR-C
  - "Hairpin NAT" enabled (by default)
  - "Automatically open firewall and exclude from NAT" enabled
- RTR-B:
  - LAN subnet of 10.1.1.254/24 on Eth0
  - WAN subnet of 172.16.254.1/24 on Eth1
  - Connected to RTR-A through a switch
  - Zero NAT enabled anywhere
  - Static route:
    - ip route 10.1.11.0 255.255.255.0 172.16.254.11
- RTR-C:
  - LAN subnet of 10.1.11.254/24 on Eth0
  - WAN subnet of 22.22.22.22/30
  - IPsec tunnel to RTR-A
  - NAT masquerade from LAN to WAN
  - "Hairpin NAT" enabled (by default)
  - "Automatically open firewall and exclude from NAT" enabled
Here's the scenario:
- RTR-A and RTR-C can ping each other over the IPsec tunnel using the route automatically created in route table 220
- RTR-A and RTR-B can ping each other over the switch.
- RTR-C cannot ping RTR-B.
What I've tried (in no particular order):
- ip route add 10.10.1.0/24 via 22.22.22.22 dev eth1 proto zebra
- ip route add 10.1.1.0/24 via 22.22.22.22 dev eth1 proto static src 10.1.11.254 table 220
  - Did NOT work.
- Disabling all NAT on RTR-C
I basically need to have traffic pass between RTR-C and RTR-B. Simple enough, right?
Well, apparently not for me!
How can I solve my problem?
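The following is an added example, not part of the original post or of the poster's configuration. It models how a policy-based IPsec router decides whether a packet gets encrypted: a packet is only sent through the tunnel when some configured selector pair (local subnet, remote subnet) covers its source and destination, and the automatic route in table 220 and the automatic NAT exclusion are keyed to those same selectors. It assumes, because the post does not say, that the RTR-A/RTR-C tunnel was built with the single pair 172.16.254.0/24 <-> 10.1.11.0/24. Under that assumption it shows why a plain `ip route add` on RTR-C cannot help (the route lookup never changes the policy match) and what changes once RTR-B's LAN is added to the selectors on both ends.

```python
"""Policy-based IPsec selector check (added example; assumptions labelled)."""
from ipaddress import ip_address, ip_network

# Subnets taken from the post.
RTR_A_LAN = ip_network("172.16.254.0/24")
RTR_B_LAN = ip_network("10.1.1.0/24")
RTR_C_LAN = ip_network("10.1.11.0/24")

# ASSUMED initial tunnel selectors (local, remote); the post does not list them.
# RTR-C's list mirrors RTR-A's, as a policy-based tunnel requires.
RTR_A_SELECTORS = [(RTR_A_LAN, RTR_C_LAN)]
RTR_C_SELECTORS = [(RTR_C_LAN, RTR_A_LAN)]


def ipsec_matches(selectors, src, dst):
    """True when some (local, remote) selector pair covers src -> dst."""
    src, dst = ip_address(src), ip_address(dst)
    return any(src in local and dst in remote for local, remote in selectors)


def classify(selectors, src, dst, masquerade):
    """What a policy-based router does with a LAN packet for src -> dst.

    'tunnel'    : a selector matched, so the packet is encrypted to the peer.
    'nat-wan'   : no selector matched and LAN->WAN masquerade applies, so the
                  packet leaves the WAN as NATed plaintext (dropped upstream).
    'plain-wan' : no selector matched and no NAT; plaintext with a private
                  source address (equally undeliverable over the internet).
    Ordinary routes, including ones added by hand, never alter this outcome.
    """
    if ipsec_matches(selectors, src, dst):
        return "tunnel"
    return "nat-wan" if masquerade else "plain-wan"


def add_selector(selectors, local, remote):
    """Return the selector list with one more (local, remote) pair.

    The same pair (mirrored) has to be added on BOTH tunnel endpoints.
    """
    return selectors + [(ip_network(local), ip_network(remote))]


def diagnose():
    """Walk the post's scenario: RTR-C -> RTR-B before and after the change."""
    # Before: RTR-C LAN address to RTR-B LAN address, RTR-C masquerades LAN->WAN.
    before = classify(RTR_C_SELECTORS, "10.1.11.254", "10.1.1.254", masquerade=True)

    # After: RTR-B's LAN added as an extra selector on RTR-C and, mirrored, on RTR-A.
    fixed_c = add_selector(RTR_C_SELECTORS, "10.1.11.0/24", "10.1.1.0/24")
    fixed_a = add_selector(RTR_A_SELECTORS, "10.1.1.0/24", "10.1.11.0/24")
    after_c = classify(fixed_c, "10.1.11.254", "10.1.1.254", masquerade=True)
    # Return direction at RTR-A; the post does not mention masquerade there.
    after_a = classify(fixed_a, "10.1.1.254", "10.1.11.254", masquerade=False)
    return before, after_c, after_a


if __name__ == "__main__":
    for label, verdict in zip(("before", "after (RTR-C)", "after (RTR-A)"), diagnose()):
        print(f"{label:14s}: {verdict}")
```

Read together with the post, this is the check to run before touching routes: confirm what the tunnel's selectors (or, on Linux, `ip xfrm policy`) actually cover. RTR-B's own static route toward 172.16.254.11 already handles the hop from RTR-B to RTR-A, so once both tunnel endpoints carry a selector for 10.1.1.0/24 the remaining path is the tunnel itself.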