I am trying to set up an IPSec VPN tunnel initiated by a WR11 over an LTE connection to a Netgear SRX5308 router.
I have been able to get the IPSec SA established, as indicated by both the Netgear router and the WR11. If I ping from a computer on the Netgear LAN to a computer on the WR11 LAN, I can see that the packet goes through the IPSec tunnel toward the WR11, and arrives at the computer on the WR11 LAN as expected. The computer on the WR11 LAN responds, sending the response packet, which I can see arriving at the eth0 interface of the WR11, but then if I am reading the trace correctly, the packet is sent out of the PPP1 interface, but still has the destination IP Address of the remote computer, not the remote IPSec endpoint.
WR11 LAN: 192.168.0.0/24
WR11 PPP1: 10.128.34.179
Netgear LAN: 184.108.40.206/24
Additionally, executing the PING command: ping 192.168.4.203 -e0 from the WR11, does not get a response.
Additionally, executing a PING from 192.168.0.11 to 192.168.4.203 results in a packet (captured by the WR11 analyzer) that is being sent out the PPP1 interface targeting the remote LAN IP Address (not the Netgear public IP address):
----- 24-3-2017 10:09:34.500 ------
02 50 F3 00 00 00 00 00 00 00 00 00 08 00 45 00 .P…E.
00 3C 5B 7E 00 00 7F 01 ED 9C 0A 80 22 B3 C0 A8 .<[~…"…
04 CB …
NDIS From LOC TO REM IFACE: PPP 1
02 50 F3 00 00 00 Dst. MAC
00 00 00 00 00 00 Src. MAC
08 00 Type: IP
45 IP Ver: 4
Hdr Len: 20
00 TOS: Routine
00 3C Length: 60
5B 7E ID: 23422
00 00 Frag Offset: 0
7F TTL: 127
01 Proto: ICMP
ED 9C Checksum: 60828
0A 80 22 B3 Src IP: 10.128.34.179
C0 A8 04 CB Dst IP: 192.168.4.203
The IP capture shows packets with the source IP of 10.128.34.179 and a destination IP of 192.168.4.203.
Viewed from the WR11:
IKE SA connection: Shows connection with proper PPP1 IP Address and Netgear public IP Address
IPsec Peers: Shows Netgear public IP Address as Peer IP Addr. and NATT Local Port=4500 and NATT Remote Port=4500
IPsec Tunnel Outbound V1 SA: Peer IP Addr=Netgear Public IP, Local Network=192.168.0.0/24, Remote Network=192.168.4.0/24, Port 1701, KBytes Delivered=0, KBytes Left=0, Interface=PPP1
IPsec Tunnel Inbound V1 SA: Peer IP Addr=Netgear Public IP, Local Network=192.168.0.0/24, Remote Network=192.168.4.0/24, Port 1701, KBytes Delivered=26, KBytes Left=0, Interface=PPP1
Is there a configuration I am missing that routes the packets for the remote network through the IPsec Tunnel?
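A quick way to check a trace like the one above against the tunnel definition is to decode the captured frame and test its addresses against the SA's traffic selectors. The script below is an added example, not code from the post or from Digi; it parses the 34 header bytes transcribed from the analyzer output (constructed input, copied from the dump in the post), verifies the IPv4 header checksum, and reports whether the packet falls inside the selectors listed in the SA summary (local 192.168.0.0/24, remote 192.168.4.0/24, both assumed from the post). Run on the captured bytes it shows the destination inside the remote selector but the source (the PPP1 address 10.128.34.179) outside the local selector, which is exactly the condition under which an IPsec policy match fails and the packet goes out in clear.

```python
"""Decode a captured Ethernet/IPv4 frame and test it against IPsec traffic selectors."""
import ipaddress
import struct

# Constructed input: the header bytes transcribed from the analyzer trace in the post
# (6-byte dst MAC, 6-byte src MAC, 2-byte EtherType, 20-byte IPv4 header).
FRAME_HEX = (
    "02 50 F3 00 00 00 00 00 00 00 00 00 08 00 45 00 "
    "00 3C 5B 7E 00 00 7F 01 ED 9C 0A 80 22 B3 C0 A8 "
    "04 CB"
)

# Assumed tunnel definition, taken from the SA summary in the post.
SA_LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")
SA_REMOTE_NET = ipaddress.ip_network("192.168.4.0/24")


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header with its checksum field zeroed."""
    hdr = header[:10] + b"\x00\x00" + header[12:]
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_frame(hex_dump: str) -> dict:
    """Parse Ethernet + IPv4 headers from a space-separated hex dump."""
    raw = bytes.fromhex(hex_dump)
    dst_mac, src_mac = raw[0:6], raw[6:12]
    ethertype = struct.unpack("!H", raw[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame: ethertype 0x%04x" % ethertype)
    ip = raw[14:]
    ver_ihl, tos, length, ident, flags_frag, ttl, proto, csum = struct.unpack("!BBHHHBBH", ip[:12])
    ihl = (ver_ihl & 0x0F) * 4
    header = ip[:ihl]
    return {
        "dst_mac": dst_mac.hex(":"),
        "src_mac": src_mac.hex(":"),
        "version": ver_ihl >> 4,
        "header_len": ihl,
        "tos": tos,
        "length": length,
        "id": ident,
        "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "proto": proto,
        "checksum": csum,
        "checksum_ok": ipv4_checksum(header) == csum,
        "src": str(ipaddress.ip_address(ip[12:16])),
        "dst": str(ipaddress.ip_address(ip[16:20])),
    }


def selector_verdict(pkt: dict, local_net, remote_net) -> tuple:
    """Return (matches, reason) for an outbound packet against the SA's local/remote selectors."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    if not pkt["checksum_ok"]:
        return False, "bad IPv4 header checksum; transcription error in the dump?"
    if dst not in remote_net:
        return False, "dst %s outside remote selector %s" % (dst, remote_net)
    if src not in local_net:
        return False, ("src %s outside local selector %s: no policy match, "
                       "packet leaves the interface unencapsulated" % (src, local_net))
    return True, "matches SA selectors; should be encapsulated"


if __name__ == "__main__":
    pkt = parse_frame(FRAME_HEX)
    for key in ("src", "dst", "ttl", "proto", "id", "checksum_ok"):
        print("%-12s %s" % (key, pkt[key]))
    print(selector_verdict(pkt, SA_LOCAL_NET, SA_REMOTE_NET))
```

The verdict function only models the address part of a policy lookup (the Port 1701 shown in the SA summary and the protocol are not checked), which is enough to distinguish "wrong source address" from "wrong destination" when reading a trace.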