Hi, 
I am trying to accomplish this: Connect a laptop (OpenBSD 5.7, road-warrior)
with an IPSec/VPN tunnel to an OpenBSD server. The laptop is sitting in different
networks that all do NAT; the server has a static IPv4 address. The goal is
to route all the traffic from the laptop to the server, encapsulated as IPSec
packets, and then forward those packets so that communication goes entirely
over 'server'.

On both machines, I created a lo1 device with the addresses 10.0.0.1 (server) 
and 10.0.0.2 (laptop).  So the configuration looks like: 

server                                 NAT GW/DSL router
ext:1.2.3.4   <------ internet ------>  ext:5.6.7.8                      laptop
lo1:10.0.0.1                          int:192.168.0.1 <------------->  int:192.168.0.10
                                                                       lo1:10.0.0.2

ipsec.conf on the client:
ike esp from egress to 10.0.0.1 peer 1.2.3.4 psk "key"

ipsec.conf on the server: 
ike passive esp from 10.0.0.1 to any srcid 'servername' psk "key"

I can ping 10.0.0.1 (from client and server) and see that encrypted packets
arrive, and enc0 says that I got icmp requests from 192.168.0.10. I don't know
how to set up my default route on the laptop (should be 10.0.0.1) (and then, do
NATting).
No packets arrive on lo1.

Any help is much appreciated. 

Thanks, 
Berger S. 
