Thomas Schoeller wrote:
this will not work. ipsec will not encap packets that do not belong to a flow. you need a second ipsec flow like
on GW B:
    ike esp from LAN_B/24 to vendor/18 peer OPENBSD_A_External
and on GW A:
    ike esp from VENDOR/18 to LAN_B/24 peer OPENBSD_B_External
and then a route on GW A to the vendor network. i think this will do the trick.
thomas
Thanks, this worked great, just not sure why I didn't look at the ipsec flows for the solution.
Layne Evans

