Hi,

>>>
>>> Let's go super simple.
>>> Existing setup:
>>> ISP#1------A------ISP#2
>>> A has a /30 on each side
>>> A has a /29 routed to it from ISP#1
>>>
>>> Desired setup:
>>> ISP#1--A--ISP#2---------MyISP---B
>>> ALL traffic to A via ISP#1 is to go to B
>>> ALL replies to return via A
>>> B will handle A's /29
>>> A should just be a "lump in the pipe"
>>> Translation of addresses en route is fine as long as connections from
>>> the cloud intended for A get to B and responses get back looking like
>>> the real thing.
> So I set up a gre tunnel a la the manpage example.
> But how does the traffic coming from ISP#1 get to be treated properly
> at B?
> And replied to without the sender seeing that it's from a foreign
> destination?
> And will the /29 arrive at B ready to route to local hosts?

If I really understood it, what you want/need is:

- create a vpn between A and B
- A must have a route that says that <Behind B network> should go thru VPN
- A must have a NAT rule that says that <IP to /29> should be translated
  to <Behind B network IP> [1]
- B must have a default route that routes packets from <Behind B network IP>
  thru VPN

I have done this with, err.. other OS. Anyway, it should be even easier
with OpenBSD. Not really sure about this, but from the perspective of an
external viewer the only difference should be the TTL of packets coming
from A and B, but even that could be masked.

[1] not really necessary... if you are going to use the /29 behind B. In
this case <behind B network> = A /29

--
Christian Lyra
PoP-PR/RNP
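
The routing described in the reply above, modelled as an added example (not part of the original message) to show why B needs its default route pointed through the VPN. The addresses are constructed documentation ranges, the helper names lookup, build_tables and trace are hypothetical, and it assumes the footnote case where the /29 itself sits behind B, so no NAT is modelled.

```python
import ipaddress

# Constructed sample addresses (documentation ranges); the thread gives none.
SLASH29 = ipaddress.ip_network("198.51.100.8/29")  # A's /29, now hosted behind B
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
CLIENT = ipaddress.ip_address("203.0.113.50")      # a host out in "the cloud"
SERVER = ipaddress.ip_address("198.51.100.10")     # a host behind B


def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    matches = [(net, hop) for net, hop in table if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def build_tables(b_default_via_vpn):
    """Per-node routing tables; next hop "A"/"B" between A and B means the VPN.

    The VPN is modelled as one hop: its encapsulated packets still cross
    ISP#2 and MyISP underneath, which this model does not show.
    """
    return {
        "ISP1": [(SLASH29, "A"), (DEFAULT, "cloud")],
        "A": [(SLASH29, "B"), (DEFAULT, "ISP1")],
        "B": [(SLASH29, "local"),
              (DEFAULT, "A" if b_default_via_vpn else "MyISP")],
        "MyISP": [(DEFAULT, "cloud")],
    }


def trace(tables, start, dst):
    """Follow next hops from start until the packet leaves the modelled nodes."""
    path = [start]
    while path[-1] in tables and len(path) < 16:  # hop limit guards loops
        path.append(lookup(tables[path[-1]], dst))
    return path


if __name__ == "__main__":
    for via_vpn in (True, False):
        tables = build_tables(via_vpn)
        print("B default via VPN:", via_vpn)
        print("  inbound:", " -> ".join(trace(tables, "ISP1", SERVER)))
        print("  reply:  ", " -> ".join(trace(tables, "B", CLIENT)))
```

With B's default left on MyISP the inbound path is unchanged, but the reply leaves through MyISP and never passes A, which is the asymmetry the last list item prevents.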

