[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: redirecting packets to a vpn tunnel

Am Mi, den 07.07.2004 schrieb Fisher, James L. um 13:48:
> When I did this back in OpenBSD 3.1 days (and permuting to your
> subnets), I had to:
> (1) put the following line in /etc/rc.local:
> 	route add -net a.b.c.d
> (where a.b.c.d is the address of the external interface of the remote
> OpenBSD firewall...the other company in your case), and
this can't work - because my firewall can't route something for the
remote ip address (Bad file descriptor)
> (2) ensure a similar return route was on configured on the remote
i don't have access to the remote firewall
> Since the ping works when the source address is your external interface
> address but not when the source address is on your internal net, I'm
> wondering if the icmp echo request packets are being sent, but the
> remote network doesn't know the route by which to return the icmp echo
> reply packets.  Running tcpdump on your external interface may help
> determine this.
the connection works when the source address is (thats one
of my external addresses) - the ping goes through (i can see it with
tcpdump -i enc0)
> Hope this helps.
> --jim
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
> Of Wolfgang Pichler
> Sent: Wednesday, July 07, 2004 6:39 AM
> To: openbsd pf
> Subject: redirecting packets to a vpn tunnel
> hi all,
> on my openbsd firewall i have a vpn tunnel running to the
> subnet from an other company. The VPN tunnel works fine when i ping from
> the firewall to the other subnet using my external address (ping -I
> Our own internal net is - i'd now like my firewall to
> redirect packets coming from with destination address
> to go over the vpn tunnel.
> I've already tried to play around with pf, route, ipsecadm flow - but i
> don't get the point how to get this working.
> can anyone here give me a hint ?
> best regards
> Wolfgang