Problem: site H : computer with a dynamic IP ADSL connection, but unable to use certain ports due ISP restriction site C : computer with a static connection, one public IP, no limitations on use, and a private subnet behind. site L : computer with a static connection, many ip available, same restriction as H on ports (NIC on L and A subnets). site A : many computers with private addresses, accessible only from their subnet (where L is the gateway) site G : same as A, behind C site I : server that accepts only connections coming from C site W : server that accepts only connections coming from L subnet I have root access and posibility to change configurations for H C L hosts. I assume i want to connect from H computer. To connect to A and W i just set two openVPNs with bidging from H to L , giving me two virtual addresses on A and W subnet and this is OK. So if i have to connect to computers on A and L subnet I am ready, if I have to connect to computers on W subnet, I route throught the L submet gateway. The problems come when i have to connect either to I servers or using ports that either H's and L's gateways ban. (of course: all other services are routed trought the H default gateway) In this case i should appear as coming from C . How to: a. set a VPN that masquerade to be from C (ideally i would like to set anothere VPN to C, taking an address on his private subnet, so I would be seen also by the other computers in his subnet). I have managed on L, buth there i had the possibility to have a spare public address to "donate"to the VPN user. but on C I must exit with C's address. I have also to reserve a number of ports to be routed to H _when_vpn_is_in_use b. more difficult: tell C that certain programs, or any one using as source or destination certain ports must use this particular v-address, while all other traffic (not intercepted by the previous rules of "plain" routing) should use normal eth0 interface (the only use to use VPN is to be able to access to services that accept connections only by certain addresses, i I have to download an update there is no reason to use a VPN sucking three times the band also on the intermediate computer ...)
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
