Hello, the question seems simple, but I can not understand.
Here's an example network diagram
The router And the client
Router B server
The router And gets an ip address 192.168.1.10.
In the chain one NAT rule masquerading on public interface for Internet access.
In this configuration, router A pings router B. Computers behind a router And can't ping router B.
After adding the router And masquerade NAT rules on the VPN interface, computers behind a router And already can ping the router B.
Why is it necessary to do masquerade on the VPN interface for access to network B ?
Why not fire marshrutizatora ? Think private addresses should be routable ?