> Crystal Kolipe

Here is the diagram of the working VPN in the virtual machines:
https://i.ibb.co/rKjd5ggP/VPN-diagram-VM.png

And below is the diagram of the non-working VPN "IRL":
https://i.ibb.co/rLrxB33/VPN-diagram-IRL.png

On the virtual machines infra, the NAT is performed:
- a first time on the VM gateway,
- a second time on the VPN for encrypted traffic,
- a third time on the physical router to reach Internet.

On the "IRL" infra, the NAT is performed:
- on the gateway for unencrypted traffic,
- on the VPN for encrypted traffic.



On Sat, Nov 15, 2025 at 21:11, Crystal Kolipe <[email protected]> wrote:

> On Sat, Nov 15, 2025 at 08:34:00PM +0100, François RONVAUX wrote:
> > > Does the gateway have an ARP entry for the client?
> >
> > Are you talking about the VPN gateway?
>
> In your first email, you said that the setup was as follows:
>
> > Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
>
> and ...
>
> > - VPN receives the answer from Internet,
> > - the answer is not forwarded back to client.
>
> So my understanding was that inbound traffic reaches here:
>
> > Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
>                    ^^^^^^^
>
> You also said:
>
> > - VPN sends the traffic to Internet (with NAT),
>
> ... which I understood to mean that NAT is being performed here:
>
> > Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
>                                                  ^^^
> But now you're saying:
>
> > The VPN server is a virtual machine provided by a Cloud Provider,
> > The client is behind a NAT router of my Internet Service Provider.
>
> ... so is NAT being performed here:
>
> > Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
>   ^^^^^^
>
> ... or here:
>
> > Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
>                    ^^^^^^^
>
> ... or is it double NAT, like this:
>
> > Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
>                    ^^^^^^^                       ^^^
>
> ... or this:
>
> > Client--(clear)--Gateway--(encrypted traffic)--VPN--(clear)--Internet
>   ^^^^^^                                         ^^^
>
> Please explain a bit more clearly the network devices that are connected
> and whether they are using public or private IPs, and where NAT is
> being performed.
>
