Hello Mik,

Sunday, November 13, 2011, 8:06:32 AM, you wrote:

MJ> I would like to know if such configuration is possible.

MJ> LAN1 (192.168.10.0/24) <--> OpenBSD .99 <--> .254 Router IPx <--> Internet
MJ> <--> IPy IPSec_GW (Vendor) <--> LAN2 (192.168.20.0/24)

MJ> As you can see, the OpenBSD 4.9 server sits on the LAN1 and has one
MJ> physical interface. When it wants to access the internet, its address
MJ> 192.168.10.99 is natted in IPx and that's how the IPSec_GW(Vendor) sees
MJ> the source packets.

MJ> It's not really important
MJ> now if other machines on LAN1 should ping machines on LAN2. I would like for
MJ> now that the OpenBSD could ping machines on LAN2.

MJ> I have searched for examples
MJ> on the internet for this particular case because the OpenBSD is behind a nat
MJ> router. And I haven't found the proper way to do this. I don't even know if
MJ> it's possible. I know some kind of nat-t should be used though.

MJ> Does anyone
MJ> have this configuration in place ?

  There are two problems in that configuration: IPSEC behind a NAT and one
physical interface.

  IPSEC behind a NAT more often works than not. I have a similar working
configuration myself (but with two interfaces). I would recommend using UDP
encapsulation if the other side supports it.

  I would recommend getting a computer with 2 network interfaces. Otherwise
it's going to be very complicated at best. /24 (on the left) is for sure
not going to work.
