
RE: redirecting packets to a vpn tunnel



When I did this back in OpenBSD 3.1 days (and permuting to your
subnets), I had to:
(1) put the following line in /etc/rc.local:
	route add -net 10.0.43.0/25 a.b.c.d
(where a.b.c.d is the address of the external interface of the remote
OpenBSD firewall...the other company in your case), and
(2) ensure a similar return route was configured on the remote
Since the ping works when the source address is your external interface
address but not when the source address is on your internal net, I'm
wondering if the icmp echo request packets are being sent, but the
remote network doesn't know the route by which to return the icmp echo
reply packets.  Running tcpdump on your external interface may help
determine this.
Hope this helps.
--jim
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf
Of Wolfgang Pichler
Sent: Wednesday, July 07, 2004 6:39 AM
To: openbsd pf
Subject: redirecting packets to a vpn tunnel
hi all,
on my openbsd firewall i have a vpn tunnel running to the 10.0.43.0
subnet from another company. The VPN tunnel works fine when i ping from
the firewall to the other subnet using my external address (ping -I
81.223.6.246 10.0.43.11).
Our own internal net is 172.16.0.0/24 - i'd now like my firewall to
redirect packets coming from 172.16.0.0/24 with destination address
10.0.43.0/24 to go over the vpn tunnel.
I've already tried to play around with pf, route, ipsecadm flow - but i
don't get the point how to get this working.
can anyone here give me a hint ?
best regards
Wolfgang
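
The tcpdump check suggested in the reply above can be turned into a small classifier over saved capture text. This is an added example, not part of the original thread; it assumes the text format printed by a current `tcpdump -n`, and the host 172.16.0.5, the ICMP ids and the timestamps are constructed sample values.

```shell
#!/bin/sh
# Classify ICMP echo traffic between SRC and DST in `tcpdump -n` text output.
# Assumed line format (current tcpdump):
#   HH:MM:SS.us IP a.b.c.d > e.f.g.h: ICMP echo request, id N, seq M, length L

# Constructed sample: requests from an internal host are seen, no replies return.
SAMPLE_NO_REPLY='12:00:01.000001 IP 172.16.0.5 > 10.0.43.11: ICMP echo request, id 7, seq 1, length 64
12:00:02.000001 IP 172.16.0.5 > 10.0.43.11: ICMP echo request, id 7, seq 2, length 64'

# Constructed sample: a ping sourced from the external address is answered.
SAMPLE_OK='12:00:01.000001 IP 81.223.6.246 > 10.0.43.11: ICMP echo request, id 9, seq 1, length 64
12:00:01.020001 IP 10.0.43.11 > 81.223.6.246: ICMP echo reply, id 9, seq 1, length 64'

# classify_echo SRC DST   (capture text on stdin, one verdict on stdout)
#   no-requests-seen    : the echo requests never showed up on this interface
#   requests-unanswered : requests were seen, but no matching reply came back
#   partial-replies     : only some requests were answered
#   replies-seen        : every request has a matching reply
classify_echo() {
    awk -v src="$1" -v dst="$2" '
        $6 == "ICMP" && $7 == "echo" {
            to = $5; sub(/:$/, "", to)      # strip the colon after the destination
            key = $10 $12                   # "id," and "seq," identify one probe
            if ($8 == "request," && $3 == src && to == dst && !(key in req)) {
                req[key] = 1; nreq++
            }
            if ($8 == "reply," && $3 == dst && to == src && (key in req) && !(key in rep)) {
                rep[key] = 1; nrep++
            }
        }
        END {
            if (nreq == 0)        print "no-requests-seen"
            else if (nrep == 0)   print "requests-unanswered"
            else if (nrep < nreq) print "partial-replies"
            else                  print "replies-seen"
        }'
}

# Stand-alone demonstration on the constructed internal-source capture.
printf '%s\n' "$SAMPLE_NO_REPLY" | classify_echo 172.16.0.5 10.0.43.11
```

A `requests-unanswered` verdict on the external interface is the pattern the reply describes: requests leave, but nothing comes back. `no-requests-seen` means the packets never reached that interface at all.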