Re: redirecting packets to a vpn tunnel

On Wed, Jul 07, 2004 at 12:38:41PM +0200, Wolfgang Pichler wrote:
> On my OpenBSD firewall I have a VPN tunnel running to the
> subnet from another company. The VPN tunnel works fine when I ping from
> the firewall to the other subnet using my external address (ping -I
> Our own internal net is - I'd now like my firewall to
> redirect packets coming from with destination address
> to go over the VPN tunnel.
> I've already tried to play around with pf, route, ipsecadm flow - but I
> don't get the point how to get this working.
> Can anyone here give me a hint?
Your internal network doesn't seem to be part of the ipsec flow. Try
  nat on lo0 from to ->
  route -q add -src -dst
(plus some scrub rule to set max-mss to whatever your tunnel
can cope with, e.g. 1396 works for me).