I have it working ;-)

What I have done :

Create a vether0 with : inet 172.17.2.21 255.255.255.0
Create a bridge0, add to it vether0 and the physical card...
PF : filter the bridge
Create the vpn, I can reach the ftp :-)

Pretty cool
Thanks to vether !!

Cheers,

Wesley MOUEDINE ASSABY

On Thu, 16 Feb 2012 14:03:54 +0100, Markus Wernig <[email protected]> wrote:
> Hi
>
> I'm not sure if this will work, but you could try creating a loopback
> interface (lo2) on FWC with the IP address that the FTP server should be
> reachable on and then set up a regular VPN between FWA and FWC just for
> that one IP address:
> ike esp from 172.17.2.21/32 to 192.168.0.0/24 peer ip_fwA ...
>
> Then tell the FTP server to listen on the IP of the lo2 interface
> (172.17.2.21?)
>
> /m
>
> On 02/13/12 14:43, Wesley M. wrote:
>> Hi,
>>
>> I was using ipsec vpn between 2 OpenBSD Gateways. It worked very well.
>>
>> Here :
>>
>> ---rl0---[fwA]---rl1--------(internet)---------sis1---[fwB with ftpd]---sis0---
>>
>> Now we remove ftp services from fwB and put it on another machine fwC
>> with an internet connection (only one network card). Is it possible to
>> keep a vpn online from fwA and fwC, and so computersA can reach again
>> ftp using vpn (provided by fwC). Perhaps I need to use vether on fwC so
>> bridged pf ?
>>
>> Here the old ipsec.conf from fwB:
>> ike esp from 172.17.2.0/24 to 192.168.0.0/24 peer ip_fwA
>>     main auth hmac-sha1 enc aes-256 group modp1024
>>     quick auth hmac-sha1 enc aes-256 group modp1024
>>     psk "demopassword"
>>
>> My idea on fwC :
>>
>> add vether0 with : "inet 172.17.2.21 255.255.255.0"
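The four steps in the reply above (vether0, bridge0, pf, VPN), written out as OpenBSD configuration files. This is an added example, not the poster's own configuration: it assumes em0 is the physical card on fwC, uses 203.0.113.1 (a TEST-NET-3 address) as a placeholder for fwA's public address where the thread writes ip_fwA, and reuses the transform set from the old fwB ipsec.conf narrowed to the single host, as Markus suggested. The pf fragment is my own choice of where to filter: it admits only IKE and ESP from fwA on the outside interface, and inside the tunnel (enc0) only FTP control connections from the remote LAN to the vether0 address.

```conf
# /etc/hostname.vether0 -- virtual Ethernet that carries the "LAN" address the FTP server listens on
inet 172.17.2.21 255.255.255.0

# /etc/hostname.bridge0 -- bridge vether0 with the physical card (em0 is an assumption)
add vether0
add em0
up

# /etc/ipsec.conf on fwC -- one-host policy; 203.0.113.1 is a placeholder for fwA's public address
# Backslash continuation keeps the rule on one logical line, as ipsec.conf(5) requires.
ike esp from 172.17.2.21/32 to 192.168.0.0/24 peer 203.0.113.1 \
    main auth hmac-sha1 enc aes-256 group modp1024 \
    quick auth hmac-sha1 enc aes-256 group modp1024 \
    psk "demopassword"

# /etc/pf.conf fragment on fwC
ext_if = "egress"
fwA    = "203.0.113.1"   # placeholder, replace with fwA's real public address

set skip on lo
block all

# Outside: only IKE (UDP 500/4500) and ESP from the peer may reach fwC
pass in  on $ext_if proto udp from $fwA to ($ext_if) port { isakmp, ipsec-nat-t }
pass in  on $ext_if proto esp from $fwA to ($ext_if)
pass out on $ext_if

# Inside the tunnel: state for the IPsec flow itself, then only FTP control
# connections from computersA to the vether0 address
pass in  on enc0 proto ipencap from $fwA to ($ext_if) keep state (if-bound)
pass in  on enc0 inet proto tcp from 192.168.0.0/24 to 172.17.2.21 port ftp
pass out on enc0
```

Two caveats a practitioner would want: the psk "demopassword" is the demo value from the thread and should be replaced with a long random secret on both gateways, and the enc0 rule above only covers the FTP control channel; passive-mode data connections use additional server ports, so either restrict ftpd to a fixed passive range and pass that range as well, or put ftp-proxy(8) in front of it.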

