
Re: setting up vpn tunnel with nat - twisted

On Thu, 06 Jan 2005 21:11:08 +1100, Rod.. Whitworth <[email protected]> wrote:
> On Wed, 5 Jan 2005 18:20:10 -0500, brianBOFH wrote:
> >Hi,
> >
> >I have two networks physically separated.  I need to
> >get connectivity from one to the other and vice versa _without_
> >renumbering hosts.
> >
> >That being said - I have an openbsd 3.6 machine with one public and
> >one private interface on each end.
> >
> >I know I can set up the tunnel between the two.  But because I can't
> >bridge and route between the same network, my question is setting up
> >NAT between them.  Obviously the SRC and DST need to be rewritten on
> >either side which means your typical NAT setup will not work.  Can
> >this be achieved with pf?  If anyone can point me in the right
> >direction I would appreciate it.
> >
> >Cheers,
> >Brian
> >
> First we need to know that there are no address clashes between members
> of each LAN.
> Second: Do you expect to be able to connect in any way from LAN1:hostx
> to LAN2:hosty ?
> Or are you just wanting to do something at the other gateway?
> The question seemed easy (to state) to you but it misses much detail.
> If you tell us too much we can filter better than we can construct in
> the absence of detail.
> Maybe renumbering one end is actually easier......
> From the land "down under": Australia.
> Do we look <umop apisdn> from up over?
> Do NOT CC me - I am subscribed to the list.
> Replies to the sender address will fail except from the list-server.

There will definitely be overlap between the two.  Hence my wanting to
nat the entire network going both directions.  I need to connect from
LAN1:host(1-254) to LAN2:host(1-254) and vice versa.

Ideally I would be able to add a route to a pseudo-net (nat'd openbsd
box the gateway of course) on either end.

If it's not possible just say so :)
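
The pseudo-net idea raised in this message, modelled as an added Python example that is not part of the original thread: each gateway rewrites the source on the way into the tunnel and the destination on the way out, so both fields change along the path. The 192.168.1.0/24 LAN range, the 10.1.0.0/24 and 10.2.0.0/24 pseudo-nets and the site names are constructed assumptions, and the code models the address translation only, not pf syntax.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread): both sites
# really use REAL_NET; each site is seen remotely as its own pseudo-net.
REAL_NET = ipaddress.ip_network("192.168.1.0/24")
PSEUDO = {"site1": ipaddress.ip_network("10.1.0.0/24"),
          "site2": ipaddress.ip_network("10.2.0.0/24")}


def remap(addr, src_net, dst_net):
    """1:1 map addr from src_net into dst_net, keeping the host bits."""
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)


def egress(site, pkt):
    """Local gateway, packet entering the tunnel: hide the real source."""
    src, dst = pkt
    return (str(remap(src, REAL_NET, PSEUDO[site])), dst)


def ingress(site, pkt):
    """Remote gateway, packet leaving the tunnel: restore the real destination."""
    src, dst = pkt
    return (src, str(remap(dst, PSEUDO[site], REAL_NET)))


def deliver(from_site, to_site, pkt):
    """Follow one (src, dst) packet through both gateways."""
    return ingress(to_site, egress(from_site, pkt))


if __name__ == "__main__":
    # site1 host .10 reaches site2 host .20 via site2's pseudo-net address
    request = deliver("site1", "site2", ("192.168.1.10", "10.2.0.20"))
    print("seen on site2 LAN:", request)
    # the reply swaps source and destination as the receiving host sees them
    reply = deliver("site2", "site1", (request[1], request[0]))
    print("seen on site1 LAN:", reply)
```

A packet addressed to the remote host's real address is rejected by `ingress`, which reflects why each side has to route to the other's pseudo-net rather than to the overlapping range.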