Why there is no VPN connection between networks without NAT masquerade?

Hello, the question seems simple, but I can not understand.
Here's an example network diagram
5e972c9b5f1ef679507383.png
The router And the client
Router B server

The router And gets an ip address 192.168.1.10.
In the chain one NAT rule masquerading on public interface for Internet access.
In this configuration, router A pings router B. Computers behind a router And can't ping router B.

After adding the router And masquerade NAT rules on the VPN interface, computers behind a router And already can ping the router B.

Why is it necessary to do masquerade on the VPN interface for access to network B ?
Why not fire marshrutizatora ? Think private addresses should be routable ?
April 19th 20 at 12:10
3 answers
April 19th 20 at 12:12
Solution
In such a situation you need site-to-site vpn.
Cars for router B have no idea where to look for cars from 192.168.2.0/24.
PS
Accordingly, the addresses on the end points of the VPN tunnel is needed, for correct routing, not from the same subnets, i.e. not 192.168.1.0/24 and not 192.168.2.0/24.
Cars for router B have no idea where to look for cars from 192.168.2.0/24.

OK, that's understandable. But then the packets should go to the gateway (gateway of last resort), and the router knows all the routes. Isn't that right? - Kelsi_Daugherty commented on April 19th 20 at 12:15
@Kelsi_Daugherty,
Further, all high-level:
For computer 192.168.1.5 default gateway is 192.168.1.254, logical?
Now the computer is 192.168.1.5 wants to send a request (or reply) to computer 192.168.2.5.
He sees that the computer is not in his stream is the domain and sends the packet to the router 192.168.1.254
The router is 192.168.1.254 - looks who ever is responsible for 192.168.2.5?
Finds the network and sends it to your default gateway. I don't know what scheme it is not.
Then the answer is no, it was all over. - Angelita61 commented on April 19th 20 at 12:18
@Angelita61, isolation. Thank you. Now everything is clear. Added route on Router B and it worked without a masquerade. - Kelsi_Daugherty commented on April 19th 20 at 12:21
April 19th 20 at 12:14
April 19th 20 at 12:16
Why not? Is.
Use routing instead of NAT and all.

If you don't need Internet access this is done without any problems.
If I want to access the Internet, all addresses must be white (routed on the Internet)

NAT is used only when you need to organize access to the interent network with private (gray) addresses, because these addresses are not routed in the global network.

Find more questions by tags MikrotikComputer networks