Hi Christoph,

Yes, it works if the binary handles the interface selection.
But in my case, unbound is listening on *.20.254 (my local gateway) but it can't reach the remote LAN.
It uses the default (wan) interface instead of the IPSEC tunnel by default.

Cheers,
Aurelien

On 02/10/2014 04:31 PM, Christoph Leser wrote:
For me it works if I do the 'interface selection' myself, by specifying the -I 
switch on ping, or -b for ssh.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Aurelien Martin
Sent: Monday, 10 February 2014 16:10
To: Mitja Muženič; [email protected]
Subject: Re: reach a remote LAN through IPSEC from the router

Hi Mitja,

When I add the route manually it's working like a charm.

But after that, all machines on my LAN ping in the following form
(Redirect Host). What does it mean? For me, the router rewrites the
destination, which creates an overhead.


$ ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
36 bytes from 192.168.20.254: Redirect Host(New addr: 192.168.20.254)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
   4  5  00 0054 85ff   0 0000  40  01 4b56 192.168.30.2 192.168.10.1


Cheers, Aurelien


On 02/10/2014 04:03 PM, Mitja Muženič wrote:
A simple trick is to add a manual route for the remote LAN to the
internal interface of your router.


-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Aurelien Martin
Sent: Monday, February 10, 2014 3:59 PM
To: [email protected]
Subject: reach a remote LAN through IPSEC from the router

Dear all,

I'm linked to another LAN through IPSEC. Everything is working, except
if I try to reach the remote LAN from my OpenBSD router.

In this case, the router uses the default interface (wan) instead of
the IPSEC tunneling.

I would like to be able to reach the remote LAN due to a service on
the router that needs to reach it.

Please follow the log in attachment (schema-and-logs.txt +
ipsec-pf-route.txt)

Any idea?

I already tried to add a dirty route, which works but creates
overhead:

      $ ping 192.168.10.1
      PING 192.168.10.1 (192.168.10.1): 56 data bytes
      36 bytes from 192.168.20.254: Redirect Host(New addr: 192.168.20.254)
      Vr HL TOS  Len   ID Flg  off TTL Pro  cks  Src      Dst
        4  5  00 0054 85ff   0 0000  40  01 4b56 192.168.20.2 192.168.10.1



Have a good day.
Cheers, Aurelien
