Found an error… my fault …. 🙄
Do you remember the previous ‘double’ netmask ? because the one which was doubled before, is missing in the last rules …
and , since we are here, these should be the correct rules that you need, with the NAT as you wish (lan-A 192.168.2.0 >> 172.31.255.0 and lanB 192.168.0.0 >> 172.20.0.0)
Lan-A
iptables -t nat -I POSTROUTING -o VPN00 -s 192.168.2.0/24 -d 172.20.0.0/24 -j NETMAP --to 172.31.255.0/24
iptables -t nat -I PREROUTING -i VPN00 -s 172.20.0.0/24 -d 172.31.255.0/24 -j NETMAP --to 192.168.2.0/24ip route 172.20.0.0 255.255.255.0 via 1.1.1.2Lan-B
iptables -t nat -I POSTROUTING -o VPN00 -s 192.168.0.0/24 -d 172.31.255.0/24 -j NETMAP --to 172.20.0.0/24
iptables -t nat -I PREROUTING -i VPN00 -s 172.31.255.0/24 -d 172.20.0.0/24 -j NETMAP --to 192.168.0.0/24ip route 172.31.255.0 255.255.255.0 via 1.1.1.1Assuming that 1.1.1.1 is the vpn-tunnel inner address of Lan-A, and 1.1.1.2 is the vpn-tunnel inner address of Lan-B …. correct the rules in the Scripts and the static routes, reboot and try… once again
Regards