On Mon, Aug 20, 2012 at 12:36:42PM -0700, Jeff Simmons wrote:
> I have an OpenBSD VPN gateway with a Windows (shudder) server behind it with a
> private IP address. I need to set up a VPN with a remote company that requires
> that both our gateway and our host have public IP addresses. I am told the
> Windows server can only set up IP aliases if they are both on the same subnet.
>
> Simply, an outbound pf redirect on the internal interface seems to be called
> for, but the man page says, "If applied outbound, rdr-to to a local IP address
> is not supported." There are also various dire warnings about trying to do
> address translation on enc0. I'm probably just missing something simple, but
> is there an easy way to do this?
The warning is about local IPs. In your case the rdr-to will be to an external address (the Windows box) and so the warning should not apply. Just make sure that for both IPs (private and public) a valid route exists. It is not possible to do an outbound rdr-to a local IP because the return traffic will bypass some steps and is not properly translated because of this.

-- 
:wq Claudio
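A pf.conf fragment sketching the setup the reply describes (an added example, not from either poster): the redirect is done outbound on the internal interface to a non-local address, nothing is translated on enc0, and the public address is given a route towards the host so the packet actually leaves via that interface. Interface name, addresses and the host-initiated nat-to rule are assumptions, not something the thread states.

```pf
# Assumed (constructed) addresses for illustration only:
#   192.0.2.10      public address the remote side must see for the host
#   10.0.0.10       the host's real private address on the LAN
#   198.51.100.0/24 the remote company's network
int_if     = "em1"
srv_pub    = "192.0.2.10"
srv_priv   = "10.0.0.10"
remote_net = "198.51.100.0/24"

# The reply's "valid route" requirement: $srv_pub must be reachable via the
# internal interface or the packet never hits the outbound rule below.
# Done outside pf.conf, e.g.:  route add -host 192.0.2.10 10.0.0.10

# Decrypted traffic from the tunnel arrives on enc0 addressed to $srv_pub.
# No translation here, so the enc0 caveats do not come into play.
pass in on enc0 proto { tcp udp icmp } from $remote_net to $srv_pub

# Redirect on the way out of the LAN interface. This is allowed because
# $srv_priv is not an address of the gateway itself; the state created here
# also reverse-translates the host's replies back to $srv_pub.
pass out on $int_if proto { tcp udp icmp } from $remote_net to $srv_pub \
    rdr-to $srv_priv

# Assumed extra: connections the host itself opens towards the remote side
# get the public source address, so they also match the remote policy.
match in on $int_if from $srv_priv to $remote_net nat-to $srv_pub
```

The IPsec flows (ipsec.conf) must cover $srv_pub rather than $srv_priv, since that is the address the remote peer negotiates against.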

