Hey - thanks for the tip. Currently the remote VPN server is the default gateway, so clients are using the remote WAN IP as their internet IP. I double-checked the routing table to be sure... traffic from the client to 10.1.1.x is definitely getting routed to the ERL at 10.1.0.1, but the traceroute times out after hitting the ERL if the target IP is not in the 10.1.0.X range.
For example:
traceroute to 10.1.0.5 (10.1.0.5), 64 hops max, 52 byte packets
 1 10.255.255.0 39.557 ms 24.033 ms 19.649 ms
 2 10.1.0.5 17.168 ms 19.186 ms 36.128 ms
traceroute to 10.1.1.145 (10.1.1.145), 64 hops max, 52 byte packets
 1 10.255.255.0 22.226 ms 21.767 ms 19.734 ms
 2 * * *
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
1 10.255.255.0 (10.255.255.0) 41.254 ms 18.656 ms 16.814 ms
2 internet ip 15.369 ms 18.354 ms 28.913 ms
3 and so on...