11-20-2008, 06:01 AM
dilandau

Quote:
Originally Posted by gravyface
Wait, I just thought of something: the Astaro is just a node on the 10.0.1.0/24 network at the moment; 10.0.1.5's default gateway is a router that knows nothing of the Astaro. Is there no route back to the tunnel's source host (192.168.0.100) without masquerading?

Correct, if the Astaro is not the default gateway of 10.0.1.5, you will need to add the route for the remote network to the router or that machine. This would explain why it works with masquerading enabled, as the traffic looks like it is coming from the Astaro's internal interface and is local to 10.0.1.5.

If you are trying to restrict traffic over the VPN tunnel, I would suggest disabling the automatic packet filter rules and creating your own in the packet filter. The automatic packet filter rules act before the ones you manually create and you will not see this traffic in the packet filter log.
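The return-path problem described in this post, modelled as a routing-table lookup on 10.0.1.5. This is an added example, not part of the thread; the Astaro and router addresses and the /24 prefix for the remote network are assumptions, since the thread does not give them.

```python
import ipaddress

# Assumed values (not given in the thread): Astaro's LAN address, the existing
# router's address, and a /24 prefix for the remote network.
ASTARO = "10.0.1.2"
ROUTER = "10.0.1.1"
REMOTE_NET = "192.168.0.0/24"

def table(*entries):
    """Build a routing table from (prefix, next_hop) pairs."""
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in entries]

def next_hop(routes, dst):
    """Longest-prefix match; 'on-link' means the host delivers directly."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    if not matches:
        return None  # no route at all: the reply is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_reaches_astaro(routes, seen_source):
    """Does the reply from 10.0.1.5 to the source it saw get handed to the Astaro?"""
    hop = next_hop(routes, seen_source)
    if hop == "on-link":
        return seen_source == ASTARO  # delivered directly to the Astaro's interface
    return hop == ASTARO

# Routing table of 10.0.1.5 as described: local subnet plus a default gateway
# that knows nothing of the tunnel.
HOST_ROUTES = table(("10.0.1.0/24", "on-link"), ("0.0.0.0/0", ROUTER))
# Same table after adding the route for the remote network via the Astaro.
FIXED_ROUTES = HOST_ROUTES + table((REMOTE_NET, ASTARO))

if __name__ == "__main__":
    cases = [
        ("no masquerading, no route", HOST_ROUTES, "192.168.0.100"),
        ("masquerading enabled", HOST_ROUTES, ASTARO),
        ("static route added", FIXED_ROUTES, "192.168.0.100"),
    ]
    for label, routes, src in cases:
        print(f"{label:28} next hop {next_hop(routes, src):10} "
              f"reaches Astaro: {reply_reaches_astaro(routes, src)}")
```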