--On 14 October 2005 09:02 +1000, Dave Harrison wrote:
Here's my problem, I have a remote machine that has two links, one
is high bandwidth but has bad latency, the other has low bandwidth
but good latency.
pf.conf(5), look at 'route-to' and 'reply-to'. Use PF rules to send
ssh over the fast link and ftp over the fat link (etc).
The problem is that it's not the routed traffic I'm concerned with,
it's the ISAKMP traffic that is directed to the firewall/vpn endpoint
itself (as opposed to something behind that machine).
Route-to doesn't work for the firewall machine itself I don't think,
Seems that it does on my colo'd netra (at least for plain ip,
admittedly I've not tried it with ipsec).
