Hi,

I am trying to accomplish this: Connect a laptop (OpenBSD 5.7, road-warrior) with an IPSec/VPN tunnel to an OpenBSD server. The laptop is sitting in different networks which all do NAT; the server has a static IPv4 address. The goal is to route all the traffic from the laptop to the server, encapsulated as IPSec packets, and then forward those packages so that communication goes entirely over 'server'.
On both machines, I created a lo1 device with the addresses 10.0.0.1 (server) and 10.0.0.2 (laptop). So the configuration looks like:

    server                               NAT GW/DSL router
    ext:1.2.3.4 <------ internet ------> ext:5.6.7.8                       laptop
    lo1:10.0.0.1                         int:192.168.0.1 <-------------> int: 192.168.0.10
                                                                         lo1: 10.0.0.2

ipsec.conf on the client:

    ike esp from egress to 10.0.0.1 peer 1.2.3.4 psk "key"

ipsec.conf on the server:

    ike passive esp from 10.0.0.1 to any srcid 'servername' psk "key"

I can ping 10.0.0.1 (from client and server) and see that encrypted packages arrive, and enc0 says that I got icmp requests from 192.168.0.10.

I don't know how to set up my default route on the laptop (should be 10.0.0.1) (and then, do NATting). On lo1, no packages arrive.

Any help is much appreciated.

Thanks,
Berger S.