connecting A to B using IKEv2, AES-256 encryption with Diffie-Hellman group 14
A = 172.31.23.167
C = 172.31.23.197
B = 172.31.31.17
B needs to talk to C via A
B > A > C
to make this work, enable the IPsec VPN, then make sure you can netcat and ping B > A before going further
# enable ipv4 forwarding on A (it is the hop in the middle)
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
add the connection config to /etc/ipsec.d/<connection name>.conf and the pre-shared key to /etc/ipsec.d/<connection name>.secrets
# example of secrets (same line on both ends)
<pub IP of A> <pub IP of B> : PSK "secretstring"
120.34.99.100 200.340.1.2 : PSK "bGWT7yc^5sB@q@TWCcTy$#yvBw"
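The connection definition itself is not shown in the notes; the following is an added example, not the author's own config, assuming Libreswan (suggested by /etc/sysconfig/iptables) and using the placeholder public addresses from the .secrets line with the subnets given above.

```ini
# /etc/ipsec.d/a-to-b.conf on A (added example; Libreswan syntax assumed)
# B's copy is the same block with left/right and the two subnets swapped
conn a-to-b
    # IKEv2 only, never negotiate down to IKEv1
    ikev2=insist
    # PSK comes from /etc/ipsec.d/a-to-b.secrets
    authby=secret
    # AES-256, SHA-256 PRF/integrity, DH group 14 (2048-bit MODP)
    ike=aes256-sha2_256;modp2048
    # AES-256 ESP with SHA-256 integrity
    esp=aes256-sha2_256
    # placeholders: use the same addresses as the .secrets line
    left=<pub IP of A>
    right=<pub IP of B>
    # A's subnet, which contains C (172.31.23.197)
    leftsubnet=172.31.23.0/24
    # B's subnet, the source address the MASQUERADE rule on A matches
    rightsubnet=172.31.31.0/24
    # bring the tunnel up when the ipsec service starts
    auto=start
```

With this in place `ipsec status` on A should show the child SA for 172.31.23.0/24 <-> 172.31.31.0/24; the MASQUERADE rule below then makes B's packets reach C with A's address as source, so C needs no route back to 172.31.31.0/24.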
once this works, you need to configure iptables on A so traffic arriving from B's subnet is masqueraded as A before it is sent on to C's subnet (C then replies to A, which de-NATs and sends the reply back through the tunnel)
on server A, add to the *nat section of /etc/sysconfig/iptables
-A POSTROUTING -s <subnet of B, aka 172.31.31.0/24> -j MASQUERADE
or, to apply it immediately in memory without persisting it across a restart,
iptables -t nat -A POSTROUTING -s <subnet of B> -j MASQUERADE
use tcpdump on A and C to see if packets are coming in from B (B > A > C); on A you should see the packets with B's address, on C with A's address after the masquerade
tcpdump -i any port <test port>
# portrange only takes a range, e.g. tcpdump -i any portrange 8000-8010