I think the ICMP error packets are not passing thru SNAT and thus not reaching the client.
I have attached the show_trace output and show_errors output : https://gist.github.com/johnpearson555/bbc810732b7934e566d928ccb64705cf
For errors:
Count Node Reason
12 ip4-input ip4 spoofed local-address packet drops
12 ip4-icmp-error hop limit exceeded response sent
client=192.168.1.8 (b8:27:eb:91:83:20)
router WAN=10.10.1.1 (00:08:a2:0a:97:fc)
server=10.10.1.2 (a0:36:9f:9b:e2:e0)
loop0= de:ad:00:00:00:00
There is only one router, which is VPP-Gate.
For Packet 1, the ttl is decremented correctly to zero and it is showing "ICMP time_exceeded ttl_exceeded_in_transit" but there is an error:
00:25:53:919644: error-drop
ip4-input: ip4 spoofed local-address packet drops