On Wed, 07.07.2004, at 13:48, Fisher, James L. wrote:
> When I did this back in OpenBSD 3.1 days (and permuting to your
> subnets), I had to:
> (1) put the following line in /etc/rc.local:
> route add -net 10.0.43.0/25 a.b.c.d
> (where a.b.c.d is the address of the external interface of the remote
> OpenBSD firewall...the other company in your case), and

this can't work - because my firewall can't route something for the remote ip address (Bad file descriptor)

> (2) ensure a similar return route was configured on the remote

i don't have access to the remote firewall

> Since the ping works when the source address is your external interface
> address but not when the source address is on your internal net, I'm
> wondering if the icmp echo request packets are being sent, but the
> remote network doesn't know the route by which to return the icmp echo
> reply packets. Running tcpdump on your external interface may help
> determine this.

the connection works when the source address is 81.223.6.246 (that's one of my external addresses) - the ping goes through (i can see it with tcpdump -i enc0)

> Hope this helps.
> --jim
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of Wolfgang Pichler
> Sent: Wednesday, July 07, 2004 6:39 AM
> To: openbsd pf
> Subject: redirecting packets to a vpn tunnel
>
> hi all,
>
> on my openbsd firewall i have a vpn tunnel running to the 10.0.43.0
> subnet from another company. The VPN tunnel works fine when i ping from
> the firewall to the other subnet using my external address (ping -I
> 81.223.6.246 10.0.43.11).
>
> Our own internal net is 172.16.0.0/24 - i'd now like my firewall to
> redirect packets coming from 172.16.0.0/24 with destination address
> 10.0.43.0/24 to go over the vpn tunnel.
>
> I've already tried to play around with pf, route, ipsecadm flow - but i
> don't get the point how to get this working.
>
> can anyone here give me a hint ?
>
> best regards
> Wolfgang
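The symptom in the thread (ping enters the tunnel when sourced from the external address 81.223.6.246, but not when sourced from 172.16.0.0/24) is what you expect when the IPsec flow's source selector covers only the external /32. The following is an added illustration, not code from the thread or from OpenBSD: a small model of IPsec flow (security-policy) selector matching using the addresses quoted above. The flow table, the internal host 172.16.0.5 and the remote gateway placeholder are assumptions; the two remedies modelled (a second flow whose source selector is the internal net, which the remote peer must also accept, or translating the internal sources to the external address before the flow lookup) are the general options for this situation, not something the thread confirms for this particular tunnel.

```python
"""Model of IPsec flow selector matching for the tunnel described in the thread.

Added example, not part of the original mail thread. A packet enters an
IPsec tunnel only if some flow's (src selector, dst selector) pair covers
both its source and its destination address; routing alone does not help.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    """One IPsec flow: traffic selectors plus the peer gateway it leads to."""
    src: IPv4Network
    dst: IPv4Network
    peer: str  # remote gateway; placeholder, the thread never names it


# Constructed flow table: what the tunnel in the thread evidently has, since
# only traffic sourced from the external address makes it into enc0.
FLOWS: List[Flow] = [
    Flow(ip_network("81.223.6.246/32"), ip_network("10.0.43.0/24"), "REMOTE_GW_PLACEHOLDER"),
]

# Assumed remedy (a): a second flow whose source selector is the internal net.
# Only works if the remote peer's policy accepts 172.16.0.0/24 as a selector,
# which Wolfgang cannot verify because he has no access to that firewall.
INTERNAL_FLOW = Flow(ip_network("172.16.0.0/24"), ip_network("10.0.43.0/24"), "REMOTE_GW_PLACEHOLDER")

INTERNAL_NET = ip_network("172.16.0.0/24")
EXTERNAL_ADDR = "81.223.6.246"


def match_flow(src: str, dst: str, flows: List[Flow] = FLOWS) -> Optional[Flow]:
    """Return the first flow whose selectors cover (src, dst), or None."""
    s, d = ip_address(src), ip_address(dst)
    for flow in flows:
        if s in flow.src and d in flow.dst:
            return flow
    return None


def nat_to_external(src: str, lan: IPv4Network = INTERNAL_NET, ext: str = EXTERNAL_ADDR) -> str:
    """Assumed remedy (b): translate internal sources to the external address
    before the flow lookup, so the existing /32 flow matches and the remote
    side only ever sees an address it already knows how to reach."""
    return ext if ip_address(src) in lan else src


def diagnose(src: str, dst: str) -> str:
    """Explain, for one packet, whether and how it reaches the tunnel."""
    if match_flow(src, dst):
        return f"{src} -> {dst}: matches existing flow, enters tunnel"
    translated = nat_to_external(src)
    if translated != src and match_flow(translated, dst):
        return (f"{src} -> {dst}: no flow; would match after source NAT to {translated}")
    if match_flow(src, dst, FLOWS + [INTERNAL_FLOW]):
        return (f"{src} -> {dst}: no flow; would match if a flow for "
                f"{INTERNAL_FLOW.src} were added on both ends")
    return f"{src} -> {dst}: no flow, plain-routed (not tunnelled)"


if __name__ == "__main__":
    # The two pings from the thread plus an unrelated destination.
    for s, d in [("81.223.6.246", "10.0.43.11"), ("172.16.0.5", "10.0.43.11"), ("172.16.0.5", "192.0.2.9")]:
        print(diagnose(s, d))
```

The point of the model is that `route add` answers "which next hop", while the flow table answers "which packets get encapsulated"; a packet from 172.16.0.0/24 that matches no flow is simply routed in the clear, which is consistent with nothing for it showing up on enc0.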
