Site A
Public IP (not behind NAT)
conn SiteX-to-SiteX
    authby=secret
    pfs=no
    auto=start
    keyingtries=%forever
    ikelifetime=8h
    keylife=1h
    ike=3des-md5;modp1024
    phase2alg=3des-md5
    type=tunnel
    left=[PUBLIC IP A]
    leftsubnet=192.168.1.0/24
    leftsourceip=192.168.1.242 # Required for routing later, with a static route entry
    aggrmode=no
    right=[PUBLIC IP B]
    rightsubnet=192.168.32.0/24
    dpddelay=10
    dpdtimeout=3600
    dpdaction=restart
Site B
VPN server behind NAT
Ensure that UDP ports 500 and 4500 are forwarded (translated) on the NAT router to the local IP of the VPN server.
conn SiteX-to-SiteX
    authby=secret
    pfs=no
    auto=start
    keyingtries=%forever
    ikelifetime=8h
    keylife=1h
    ike=3des-md5;modp1024
    phase2alg=3des-md5
    type=tunnel
    left=[LOCAL IP] # Behind NAT, so the server itself has no public IP
    leftid=[PUBLIC IP] # Must be the public IP of the NAT router
    leftsubnet=192.168.32.0/24 # Local subnet
    leftsourceip=192.168.32.254 # Required for routing later, with a static route entry
    aggrmode=no
    right=[PUBLIC IP A] # Site A's public IP (the remote end of this tunnel)
    rightsubnet=192.168.1.0/24 # Site A's subnet
    dpddelay=10
    dpdtimeout=3600
    dpdaction=restart
I have a VPN set up with a very similar configuration to this. It connects successfully. I can only communicate between the two servers, but the other computers at Site A cannot communicate with those at Site A otherwise. I assume this has something to do with static routes (i.e. “This is required for routing later with static route entry”) or firewall rules or both. Could you possibly advise on how to have the computers at both sites communicate with one another?
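The leftsourceip comments above refer to a static-route step that the conn block does not perform by itself, and that step, together with forwarding and NAT exemption on the VPN server, is what lets hosts other than the two servers reach the far subnet. As an added example (not from the original post or the commenter), a POSIX sh helper that reads leftsubnet, rightsubnet and leftsourceip from a conn section of an ipsec.conf-style file and prints the routing and firewall commands that accompany it, refusing a conn whose two subnets are identical. It assumes leftsourceip is the VPN server's own LAN address, an iptables firewall that MASQUERADEs outbound traffic, and plain conn sections (no also= or %default inheritance).

```shell
#!/bin/sh
# Added helper, not from the original post: derive the routing/firewall steps
# that accompany a site-to-site conn. Nothing is applied; the plan is printed.

# conn_value FILE CONN KEY: print KEY's value inside "conn CONN",
# ignoring trailing "# ..." comments and surrounding whitespace.
conn_value() {
    awk -v conn="$2" -v key="$3" '
        /^[ \t]*conn[ \t]/ { in_conn = ($2 == conn); next }
        in_conn && /=/ {
            sub(/#.*/, "")
            n = index($0, "=")
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# routing_plan FILE CONN: print the commands for this site's VPN server and
# for its LAN gateway. Assumes leftsourceip is the VPN server's LAN address
# and that the server uses an iptables MASQUERADE rule for internet access.
routing_plan() {
    lsub=$(conn_value "$1" "$2" leftsubnet)
    rsub=$(conn_value "$1" "$2" rightsubnet)
    lsrc=$(conn_value "$1" "$2" leftsourceip)
    if [ -z "$lsub" ] || [ -z "$rsub" ] || [ -z "$lsrc" ]; then
        echo "conn $2: leftsubnet, rightsubnet and leftsourceip are all required" >&2
        return 1
    fi
    # A conn whose two subnets are identical cannot route anything: the right*
    # values were probably copied from the other site's file.
    if [ "$lsub" = "$rsub" ]; then
        echo "conn $2: leftsubnet and rightsubnet are both $lsub" >&2
        return 1
    fi
    cat <<EOF
# On the VPN server: forward between the LANs and keep tunnel traffic out of NAT.
sysctl -w net.ipv4.ip_forward=1
iptables -I FORWARD -s $lsub -d $rsub -j ACCEPT
iptables -I FORWARD -s $rsub -d $lsub -j ACCEPT
iptables -t nat -I POSTROUTING -s $lsub -d $rsub -j ACCEPT
# On the LAN's default gateway (or each host): reach the remote LAN via the VPN server.
ip route add $rsub via $lsrc
EOF
}

# Usage: sh thisfile.sh /etc/ipsec.conf SiteX-to-SiteX
if [ $# -eq 2 ]; then routing_plan "$1" "$2"; fi
```

Run it once per site against that site's own file; the POSTROUTING ACCEPT must sit before the MASQUERADE rule, which is why the plan inserts it with -I.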