Hi, I'm not sure if this will work, but you could try creating a loopback interface (lo2) on FWC with the IP address that the FTP server should be reachable on and then set up a regular VPN between FWA and FWC just for that one IP address: ike esp from 172.17.2.21/32 to 192.168.0.0/24 peer ip_fwA ...
Then tell the FTP server to listen on the IP of the lo2 interface (172.17.2.21?)

/m

On 02/13/12 14:43, Wesley M. wrote:
> Hi,
>
> I was using ipsec vpn between 2 OpenBSD gateways. It worked very
> well.
>
> Here :
>
> ---rl0---[fwA]---rl1--------(internet)---------sis1---[fwB with ftpd]---sis0---
>
> Now we remove ftp services from fwB and put it on another
> machine fwC with an internet connection (only one network card). Is
> it possible to keep a vpn online from fwA and fwC, and so computersA can
> reach again ftp using vpn (provided by fwC)? Perhaps I need to use vether
> on fwC so bridged pf?
>
> Here the old ipsec.conf from fwB:
> ike esp from 172.17.2.0/24 to 192.168.0.0/24 peer ip_fwA
> main auth hmac-sha1 enc aes-256 group modp1024
> quick auth hmac-sha1 enc aes-256 group modp1024
> psk "demopassword"
>
> My idea on fwC :
>
> add vether0 with : "inet 172.17.2.21 255.255.255.0"
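The layout the reply proposes, written out as an added example that is not part of the thread: a small sh script that renders /etc/hostname.lo2 and the /32 ipsec.conf line for fwC, the mirror-image line fwA needs, and the pf rules fwC needs, into a staging directory so both ends can be compared before anything is copied to /etc. The public addresses 203.0.113.1 (fwA) and 198.51.100.2 (fwC) are assumed placeholders standing in for "ip_fwA" and fwC's single interface; the auth/enc/group parameters and the PSK are the ones from the old fwB ipsec.conf quoted above, and 172.17.2.21 / 192.168.0.0/24 are the addresses from the thread. The functions, the "stage" sub-command and the file names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: render the pieces the reply proposes
# (lo2 on fwC, a /32 flow on fwC, and the mirror-image flow fwA needs) into
# a staging directory so both ends can be reviewed before touching /etc.
# Assumptions: fwA's public address is 203.0.113.1 and fwC's is 198.51.100.2
# (RFC 5737 documentation ranges standing in for "ip_fwA" / fwC's NIC).
# The cipher/group parameters and PSK are copied from the old fwB
# ipsec.conf quoted in the thread; the FTP address and LAN come from it too.

FWA_PUB=203.0.113.1
FWC_PUB=198.51.100.2
FTP_IP=172.17.2.21
LAN_A=192.168.0.0/24
CRYPTO='main auth hmac-sha1 enc aes-256 group modp1024 quick auth hmac-sha1 enc aes-256 group modp1024'
PSK='demopassword'

# /etc/hostname.lo2 on fwC. A /32 on a loopback: no broadcast domain, no
# bridging, and the address stays "up" independently of the physical NIC.
render_hostname_lo2() {
    printf 'inet %s 255.255.255.255\n' "$FTP_IP"
}

# /etc/ipsec.conf for either end. Phase-2 selectors must be exact mirrors,
# so fwA's line is generated from the same variables rather than typed twice.
render_ipsec_conf() {
    case "$1" in
    fwC) printf 'ike esp from %s/32 to %s peer %s %s psk "%s"\n' \
            "$FTP_IP" "$LAN_A" "$FWA_PUB" "$CRYPTO" "$PSK" ;;
    fwA) printf 'ike esp from %s to %s/32 peer %s %s psk "%s"\n' \
            "$LAN_A" "$FTP_IP" "$FWC_PUB" "$CRYPTO" "$PSK" ;;
    *)   echo "usage: render_ipsec_conf fwA|fwC" >&2; return 1 ;;
    esac
}

# pf.conf additions for fwC: IKE (UDP 500/4500) and ESP from fwA on the
# outside interface, then the decrypted FTP traffic on enc0. Assumes a
# default-block ruleset; merge into whatever fwC already has.
render_pf_rules() {
    cat <<EOF
pass in on egress proto udp from $FWA_PUB to $FWC_PUB port { isakmp, ipsec-nat-t }
pass in on egress proto esp from $FWA_PUB to $FWC_PUB
pass in on enc0 proto ipencap from $FWA_PUB to $FWC_PUB keep state (if-bound)
pass on enc0 from $LAN_A to $FTP_IP
pass on enc0 from $FTP_IP to $LAN_A
EOF
}

# Cross-check that the two ipsec.conf lines really mirror each other
# (field 4 = "from" network, field 6 = "to" network). Prints "ok" or
# "mismatch"; a selector mismatch is the usual reason phase 2 never comes up.
flows_mirror() {
    c_from=$(render_ipsec_conf fwC | awk '{print $4}')
    c_to=$(render_ipsec_conf fwC | awk '{print $6}')
    a_from=$(render_ipsec_conf fwA | awk '{print $4}')
    a_to=$(render_ipsec_conf fwA | awk '{print $6}')
    if [ "$c_from" = "$a_to" ] && [ "$c_to" = "$a_from" ]; then
        echo ok
    else
        echo mismatch
        return 1
    fi
}

# Write everything under a fresh staging directory (never /etc) and, where
# ipsecctl exists (OpenBSD), parse-check both ipsec.conf files with -n.
# Prints the directory name.
stage() {
    dir=$(mktemp -d)
    mkdir -p "$dir/fwC" "$dir/fwA"
    render_hostname_lo2 > "$dir/fwC/hostname.lo2"
    render_ipsec_conf fwC > "$dir/fwC/ipsec.conf"
    render_pf_rules > "$dir/fwC/pf.conf.ipsec"
    render_ipsec_conf fwA > "$dir/fwA/ipsec.conf"
    if command -v ipsecctl >/dev/null 2>&1; then
        ipsecctl -n -f "$dir/fwC/ipsec.conf"
        ipsecctl -n -f "$dir/fwA/ipsec.conf"
    fi
    flows_mirror >/dev/null
    echo "$dir"
}

# Binding ftpd to the lo2 address is an inetd.conf matter, e.g. an entry of
# the form "172.17.2.21:ftp stream tcp nowait root /usr/libexec/ftpd ftpd -US"
# (host:service prefix, see inetd.conf(5)). Not rendered by this script.

if [ "${1:-}" = "stage" ]; then
    stage
fi
```

Run it as `sh stage-vpn.sh stage` to get a directory holding fwC/hostname.lo2, fwC/ipsec.conf, fwC/pf.conf.ipsec and fwA/ipsec.conf; on OpenBSD `ipsecctl -n -f` is applied to the two ipsec.conf files as a syntax check. The point of the /32 on lo2 is that fwC needs neither a second NIC nor a bridge: the tunnel terminates on fwC's public address, and the decrypted packets arriving on enc0 are delivered locally to 172.17.2.21 because that address is configured on the host, so the only things that change on fwC are ftpd's bind address and the pf rules. The hmac-sha1 / modp1024 parameters are kept only so the example matches the old fwB config in the thread; a tunnel set up today should use a stronger group and authentication.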

