[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: redirecting packets to a vpn tunnel



On Wed, Jul 07, 2004 at 12:38:41PM +0200, Wolfgang Pichler wrote:
> on my openbsd firewall i have a vpn tunnel running to the 10.0.43.0
> subnet from an other company. The VPN tunnel works fine when i ping from
> the firewall to the other subnet using my external address (ping -I
> 81.223.6.246 10.0.43.11).
> 
> Our own internal net is 172.16.0.0/24 - i'd now like my firewall to
> redirect packets coming from 172.16.0.0/24 with destination address
> 10.0.43.0/24 to go over the vpn tunnel.
> 
> I've already tried to play around with pf, route, ipsecadm flow - but i
> don't get the point how to get this working.
> 
> can anyone here give me a hint ?
Your internal network doesn't seem to be part of the ipsec flow. Try
  nat on lo0 from 172.16.0.0/24 to 10.0.43.0/24 -> 81.223.6.246
and
  route -q add -src 172.16.0.0/24 -dst 10.0.43.0/24 127.0.0.1
(plus some scrub rule to set max-mss to whatever your tunnel
can cope with, e.g. 1396 works for me).
Cheers,
Marc