by BigGuy
Sun Sep 13, 2020 3:48 pm
Forum: Technical Tips, Questions & Discussions (Computers & Internet)
Topic: Computer networking help needed
Replies: 23
Views: 27339

Re: Computer networking help needed

dhoobler wrote: Sun Sep 13, 2020 3:28 pm

I have set up a number of VPNs, although not with Linux. My experience is with Check Point. That said, the principles are the same.

You have two devices (gateways) connected to the Internet at different locations, each with its own static IP address. I am going to make some assumptions at this point.

You have a private network behind each device with the public static IP address. You wish to route traffic from the private network behind one gateway to a destination inside the private network behind the other gateway. The gateways have the VPN feature built in.

First some concepts. Private IP addresses (192.168.x.x and others - see RFC1918) cannot be routed through the Internet. If you try, your ISP will drop the packets. In order to access the Internet from a private IP address, your gateway performs Network Address Translation (NAT) to substitute its own public IP address (either static or dynamic) for your private IP address.

A VPN must be able to route your private IP address from one private network to another private network. It does so by setting up a "tunnel" between the two gateways. It routes packets using its own public IP address in such a way that the remote gateway can disassemble the packet and route the packets internally.

The gateways must also know which private IP addresses belong to which gateway, so they know where to route private traffic. It does this by use of an encryption domain and VPN routing. Each gateway must have its own unique encryption domain (i.e., set of private IP addresses).

Beyond that the two gateways must have a mutually agreed upon method of creating the tunnel. There is a lot that goes into tunnel creation that I cannot comment on without knowing more about the specific gateways. Things to look for are shared secret, data integrity, encryption method, etc.

The gateways might make tunnel creation transparent. It might be that you just need to address the encryption domains and the NAT. The first thing I would look at is to make sure you are not using the same private IP addresses behind the two gateways. The next thing I would dig into is the NAT configuration. It must be disabled within the VPN tunnel, then VPN routing.

That is a lot to digest. I hope it helps.
^^^ THIS^^^
I'm so rusty that I hate to venture an opinion, but Windows, Linux, OS X, Aldebaran binary ???. I don't think any computer OS has much to do with routing. What happens to the packet AFTER they get there, oh yeah. I ran the Windows, Mac, and Linux servers to handle the data that came in over the VPNs. I relied on the CISCO pros at my place of business to get the VPN working, so never had my limits pushed. (Or likely reached my potential.) I just called in the experts. They solved every problem with CISCO command line.
dhoobler sounds to me like he knows his stuff.
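
The checks described in the quoted post (unique private encryption domains per gateway, NAT disabled for tunnel traffic), as an added example that is not part of either post. The subnets, function names and action labels are constructed for illustration and do not come from any gateway product.

```python
import ipaddress

# Constructed sample encryption domains for two sites (assumed values).
SITE_A = ["192.168.10.0/24", "10.20.0.0/16"]
SITE_B = ["192.168.20.0/24", "172.16.5.0/24"]

# Private ranges defined by RFC 1918 (IPv4 only; this example assumes IPv4).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_domain(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]

def non_rfc1918(domain):
    """Networks in a domain that are not fully inside RFC 1918 space."""
    return [n for n in domain if not any(n.subnet_of(p) for p in RFC1918)]

def overlaps(local, remote):
    """Pairs of networks that appear behind both gateways (must be empty)."""
    return [(a, b) for a in local for b in remote if a.overlaps(b)]

def egress_action(src, dst, local, remote):
    """What the local gateway should do with a packet from src to dst.

    Labels are hypothetical: traffic to the remote encryption domain goes
    into the tunnel with NAT disabled; everything else leaving the site is
    translated to the gateway's public address.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not any(s in n for n in local):
        return "drop"              # source is not in the local domain
    if any(d in n for n in remote):
        return "tunnel-no-nat"     # VPN routing, NAT exempt
    if any(d in n for n in local):
        return "local"             # stays on the private side
    return "nat-to-internet"

if __name__ == "__main__":
    a, b = parse_domain(SITE_A), parse_domain(SITE_B)
    print("overlapping networks:", overlaps(a, b))
    print("non-private entries:", non_rfc1918(a) + non_rfc1918(b))
    for dst in ("172.16.5.9", "8.8.8.8", "10.20.3.4"):
        print("192.168.10.5 ->", dst, ":",
              egress_action("192.168.10.5", dst, a, b))
```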