Geert Hendrickx wrote:

I have set up a VPN with OpenVPN (ports/security/openvpn). It works
fine on the clients behind either router, but I'm still having a little
problem with it. Setup is like this:

VPN-router (FreeBSD)
VPN-router (OpenBSD)

where the 10.0.0.x are virtual devices (/dev/tun0), they are tunneling
the traffic through hardware routers which are connecting both sites to
the Internet.

Now when I make a connection from, say, to,
packets are sent across the networks ok. But when I make a connection
from (the vpn router itself) to, the latter one
sees the packets coming from, and it does not know how to route
them back.

I could solve this by adding extra routes (either on each client or on
the hardware routers which are the default route for each site), but
then there still is a problem if I want to restrict access to some
services, based on IP address. I would have to allow access from the
10.65.28.x network, the 192.168.1.x network (that's ok), but also from
the 10.0.0.x network (which is only virtual). This may seem correct,
but I'm having problems with the fact that the clients get to see these
addresses. They shouldn't. When I make a connection from one of the
vpn-routers to any of the clients, I want the source address to be, not (or, not, respectively).

Is that possible?

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Is this a FreeBSD project or Open? Since this is both places.

Best regards,

First rule of intelligent tinkering:
        Save all the parts