On Sat, Nov 15, 2025 at 08:34:00PM +0100, François RONVAUX wrote:
> > Does the gateway have an ARP entry for the client?
>
> Do you talk about the VPN gateway?
In your first email, you said that the setup was as follows:
> Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
and ...
> - VPN receives the answer from Internet,
> - the answer is not forwarded back to client.
So my understanding was that inbound traffic reaches here:
> Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
                   ^^^^^^^
You also said:
> - VPN sends the traffic to Internet (with NAT),
... which I understood to mean that NAT is being performed here:
> Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
                                                 ^^^
But now you're saying:
> The VPN server is a virtual machine provided by a Cloud Provider,
> The client is behind a NAT router of my Internet Service Provider.
... so is NAT being performed here:
> Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
  ^^^^^^
... or here:
> Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
                   ^^^^^^^
... or is it double NAT, like this:
> Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
                   ^^^^^^^                       ^^^
... or this:
> Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
  ^^^^^^                                         ^^^
Please explain a bit more clearly the network devices that are connected
and whether they are using public or private IPs, and where NAT is
being performed.