I know ssh works also very well. But the company has requirements : ipsec vpn with specific phase 1 and 2...

Wesley.

On Thu, 16 Feb 2012 19:18:09 +0000 (GMT), Mik J <[email protected]> wrote:
> Hello,
>
> I have this configuration working without any bridge.
> Openbsd rl0 <- LAN1 -> Router <- Internet -> RemoteFW <- LAN 2 -> SomeDevice
> My PC is connected to a LAN1 switch, and it's able to ssh SomeDevice. As you can see my
> OpenBSD has just one interface and the VPN is mounted between OpenBSD and RemoteFW.
>
>
> ----- Original Mail -----
>> From : Wesley M. <[email protected]>
>> To : Markus Wernig <[email protected]>
>> Cc : [email protected]
>> Sent : Thursday 16 February 2012 15:59
>> Subject : Re: vpn isakmpd ipsec, one side with only one interface
>>
>> I have it working ;-)
>> What I have done :
>> Create a vether0 with : inet 172.17.2.21 255.255.255.0
>> Create a bridge0, add to it vether0 and the physical card...
>> PF : filter the bridge
>> Create the vpn, I can reach the ftp :-) Pretty cool
>> Thanks to vether !!
>>
>> Cheers,
>>
>> Wesley MOUEDINE ASSABY
>>
>> On Thu, 16 Feb 2012 14:03:54 +0100, Markus Wernig <[email protected]> wrote:
>>> Hi
>>>
>>> I'm not sure if this will work, but you could try creating a loopback
>>> interface (lo2) on FWC with the IP address that the FTP server should be
>>> reachable on and then set up a regular VPN between FWA and FWC just for
>>> that one IP address:
>>> ike esp from 172.17.2.21/32 to 192.168.0.0/24 peer ip_fwA ...
>>>
>>> Then tell the FTP server to listen on the IP of the lo2 interface (172.17.2.21?)
>>>
>>> /m
>>>
>>> On 02/13/12 14:43, Wesley M. wrote:
>>>> Hi,
>>>>
>>>> I was using ipsec vpn between 2 OpenBSD Gateway. It worked very well.
>>>>
>>>> Here :
>>>>
>>>> ---rl0---[fwA]---rl1--------(internet)---------sis1---[fwB with ftpd]---sis0---
>>>>
>>>> Now we remove ftp services from fwB and put it on another machine fwC with an
>>>> internet connection (only one network card). Is it possible to keep a vpn online
>>>> from fwA and fwC, and so computersA can reach again ftp using vpn (provided by fwC).
>>>> Perhaps I need to use vether on fwC so bridged pf ?
>>>>
>>>> Here the old ipsec.conf from fwB:
>>>> ike esp from 172.17.2.0/24 to 192.168.0.0/24 peer ip_fwA
>>>> main auth hmac-sha1 enc aes-256 group modp1024
>>>> quick auth hmac-sha1 enc aes-256 group modp1024
>>>>
>>>> psk "demopassword"
>>>>
>>>> My idea on fwC :
>>>>
>>>> add vether0 with : "inet 172.17.2.21 255.255.255.0"
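The fwC-side setup that the thread converges on (Wesley's vether0 carrying 172.17.2.21 bridged to the physical card, Markus's /32 flow towards fwA's LAN with the phase 1 and phase 2 proposals from the old fwB ipsec.conf, and pf filtering) written out as an added example; this is not code posted in the thread or shipped by OpenBSD. The physical interface name em0, the peer placeholder IP_OF_FWA, the PSK placeholder and the pf rules are assumptions for illustration; the ipsec.conf line itself reuses the thread's parameters.

```shell
#!/bin/sh
# Added example (not from the thread): generate fwC's configuration files for the
# vether0 + bridge0 + IPsec setup discussed above. Prints them by default;
# "install" writes them under /etc with restrictive permissions.
# Assumptions (not from the thread): the physical NIC is em0, fwA's public
# address is the placeholder IP_OF_FWA, and the PSK is a placeholder.

PHYS_IF="${PHYS_IF:-em0}"                      # assumed name of fwC's only NIC
VETHER_IP="172.17.2.21"                        # address Wesley gave vether0
VETHER_MASK="255.255.255.0"
LOCAL_NET="172.17.2.21/32"                     # Markus: tunnel just this one host
REMOTE_NET="192.168.0.0/24"                    # LAN behind fwA (old fwB config)
PEER="${PEER:-IP_OF_FWA}"                      # placeholder for fwA's real address
PSK="${PSK:-REPLACE_WITH_A_LONG_RANDOM_PSK}"   # placeholder, never the demo value

# /etc/hostname.vether0: the virtual interface that owns the tunnelled address
hostname_vether0() {
    printf 'inet %s %s\n' "$VETHER_IP" "$VETHER_MASK"
}

# /etc/hostname.bridge0: bridge vether0 with the physical card, as Wesley did
hostname_bridge0() {
    printf 'add vether0\nadd %s\nup\n' "$PHYS_IF"
}

# /etc/ipsec.conf: the old fwB flow narrowed to 172.17.2.21/32, keeping the
# phase 1 (main) and phase 2 (quick) proposals the company requires
ipsec_conf() {
    cat <<EOF
ike esp from $LOCAL_NET to $REMOTE_NET peer $PEER \\
    main auth hmac-sha1 enc aes-256 group modp1024 \\
    quick auth hmac-sha1 enc aes-256 group modp1024 \\
    psk "$PSK"
EOF
}

# /etc/pf.conf fragment (assumed, not from the thread): admit only IKE and ESP
# from the peer on the physical card, and only the tunnelled traffic on enc0
pf_rules() {
    cat <<EOF
block all
pass out on $PHYS_IF
pass in on $PHYS_IF proto udp from $PEER to ($PHYS_IF) port { 500, 4500 }
pass in on $PHYS_IF proto esp from $PEER to ($PHYS_IF)
pass on enc0 from $REMOTE_NET to $VETHER_IP
pass on enc0 from $VETHER_IP to $REMOTE_NET
EOF
}

# True only once both placeholders have been replaced with real values
placeholders_replaced() {
    [ "$PEER" != "IP_OF_FWA" ] && [ "$PSK" != "REPLACE_WITH_A_LONG_RANDOM_PSK" ]
}

install_configs() {
    placeholders_replaced || { echo "set PEER and PSK first" >&2; return 1; }
    umask 077                               # ipsec.conf holds the PSK: root-only
    hostname_vether0 > /etc/hostname.vether0
    hostname_bridge0 > /etc/hostname.bridge0
    ipsec_conf       > /etc/ipsec.conf
    # Syntax check before anything is loaded (ipsecctl exists only on OpenBSD)
    if command -v ipsecctl >/dev/null 2>&1; then
        ipsecctl -n -f /etc/ipsec.conf
    fi
}

if [ "${1:-}" = install ]; then
    install_configs
else
    for f in hostname_vether0 hostname_bridge0 ipsec_conf pf_rules; do
        echo "# --- $f ---"; "$f"
    done
fi
```

Run it with no arguments to review the generated files, then `PEER=<fwA address> PSK=<secret> sh fwc-config.sh install` on fwC; the install step refuses to run while the placeholders are still in place, and writes ipsec.conf with mode 0600 since it carries the pre-shared key.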

