udm-patches
IPTables NAT not good for SiteToSite VPN
This is not really a fault of the script, but anyways: The implementation of the IP-Tables Masquerading rules in the up/down script is not really helpful. If you are planning to build a S2S scenario, you usually have an idea about what and how you route. If you are going to masquerade everything behind the tunnel-IP, then you may potentially break firewall rules on the other end of the tunnel! Moreover, you are not adding the rules to the "UBIOS_POSTROUTING_USER_HOOK", which is the default table on the UDM, but to the normal Postrouting table. This works, but was hard for me to find. Took me a day to find out why my VOIP Phones had no Audio behind the tunnel, until I saw those lines within the script. Commented them out and now I'm happy...
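The two NAT patterns the report contrasts, as an added example rather than the udm-patches script itself: a blanket MASQUERADE in POSTROUTING beside a scoped rule placed in the UDM's UBIOS_POSTROUTING_USER_HOOK chain. The tunnel interface wg0, the local LAN 192.168.1.0/24 and the remote LAN 10.20.0.0/16 are assumed; set IPT=echo to print the rules instead of applying them.

```shell
# Added example, not code from the udm-patches project.
# Assumed values: tunnel interface, local/remote LANs. The chain name
# UBIOS_POSTROUTING_USER_HOOK is the one the report says the UDM uses.
IPT="${IPT:-iptables}"                    # IPT=echo for a dry run
WG_IF="${WG_IF:-wg0}"                     # assumed tunnel interface
LOCAL_LAN="${LOCAL_LAN:-192.168.1.0/24}"  # assumed local LAN
REMOTE_LAN="${REMOTE_LAN:-10.20.0.0/16}"  # assumed far-end LAN
HOOK="UBIOS_POSTROUTING_USER_HOOK"

# The pattern the report complains about: every packet leaving via the
# tunnel is rewritten to the tunnel IP, so the far end sees a single source
# address and any per-host firewall rules there (e.g. for VoIP phones)
# stop matching. $1 is -A (up script) or -D (down script).
nat_everything() {
  $IPT -t nat "$1" POSTROUTING -o "$WG_IF" -j MASQUERADE
}

# Scoped alternative: LAN-to-LAN traffic keeps its real source address
# (the far end must route $LOCAL_LAN back through the tunnel), and only
# traffic that does not come from the local LAN, such as packets the UDM
# itself originates, is masqueraded. The rule goes into the UDM's user hook
# chain instead of directly into POSTROUTING. $1 is -A or -D as above.
s2s_nat_rules() {
  $IPT -t nat "$1" "$HOOK" ! -s "$LOCAL_LAN" -o "$WG_IF" -j MASQUERADE
}

# Typical use from the up/down script:
#   s2s_nat_rules -A   # in the up script
#   s2s_nat_rules -D   # in the down script
```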
Sorry, this was just something I was able to hack together for my needs. If you have any changes to contribute back via a PR I'd be happy to integrate them.
I know enough about networking to be dangerous, not an expert though.