[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: redirecting packets to a vpn tunnel
On Wed, Jul 07, 2004 at 12:38:41PM +0200, Wolfgang Pichler wrote:
> on my openbsd firewall i have a vpn tunnel running to the 10.0.43.0
> subnet from an other company. The VPN tunnel works fine when i ping from
> the firewall to the other subnet using my external address (ping -I
> 220.127.116.11 10.0.43.11).
> Our own internal net is 172.16.0.0/24 - i'd now like my firewall to
> redirect packets coming from 172.16.0.0/24 with destination address
> 10.0.43.0/24 to go over the vpn tunnel.
> I've already tried to play around with pf, route, ipsecadm flow - but i
> don't get the point how to get this working.
> can anyone here give me a hint ?
Your internal network doesn't seem to be part of the ipsec flow. Try
nat on lo0 from 172.16.0.0/24 to 10.0.43.0/24 -> 18.104.22.168
route -q add -src 172.16.0.0/24 -dst 10.0.43.0/24 127.0.0.1
(plus some scrub rule to set max-mss to whatever your tunnel
can cope with, e.g. 1396 works for me).