[email protected] wrote:
>>>> I would like the AnyConnect machine to behave like a gateway
>>>> for the IP phones - basically all the traffic from eth1 to go
>>>> through cscotun0. In other words, to behave like a Cisco ASA
>>>> device (which is a site to site VPN).
>>>>
>>>> My first thought was that a bridge between cscotun0 and eth1
>>>> would suffice but this falls short - I think because the VPN
>>>> interface is tun.
>>>>
>>>> I know I am expressing poorly what I am looking for, please
>>>> bear with me.
>>> I'm assuming that the Phone expects to use DHCP to acquire an IP
>>> address? If so and if the VPN software you are using is incapable
>>> of creating/using a tap device, I see no way to accomplish your
>>> goal.
>> You could try running dhcrelay on your local interface and specify
>> the DHCP server from the VPN. By setting the proxy arp flag on the
>> local interface (echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp),
>> you might be able to get the phone to work (if the phone doesn't
>> depend on broadcast for anything except DHCP).
>
> Wow, thanks! That is a nice thing to know. The phone needs DHCP
> indeed and AnyConnect is just tun (and, what's more seems to use its
> own SSL brew).

Also be sure to echo 1 > /proc/sys/net/ipv4/ip_forward ....

-Tom

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
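
The two kernel switches named in this thread, gathered into one audit function as an added example that is not part of the original messages. PROC_ROOT and the function names are assumptions introduced here; the phone-facing interface is passed as an argument.

```shell
#!/bin/sh
# Added example, not from the thread. PROC_ROOT is a hypothetical override
# so the check can run against a constructed tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print a flag file's value, or "missing" when it cannot be read.
read_flag() {
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        printf 'missing'
    fi
}

# audit_relay_host LAN_IF
# Returns 0 only when ip_forward is 1 and proxy_arp is 1 on LAN_IF alone.
audit_relay_host() {
    lan_if="$1"
    base="$PROC_ROOT/sys/net/ipv4"
    rc=0

    fwd=$(read_flag "$base/ip_forward")
    if [ "$fwd" != "1" ]; then
        echo "FAIL ip_forward=$fwd"
        rc=1
    fi

    parp=$(read_flag "$base/conf/$lan_if/proxy_arp")
    if [ "$parp" != "1" ]; then
        echo "FAIL $lan_if proxy_arp=$parp"
        rc=1
    fi

    # Proxy ARP makes the host answer ARP for addresses it can route to,
    # so flag it on anything other than the phone-facing interface.
    for f in "$base"/conf/*/proxy_arp; do
        [ -r "$f" ] || continue
        ifname=$(basename "$(dirname "$f")")
        [ "$ifname" = "$lan_if" ] && continue
        if [ "$(read_flag "$f")" = "1" ]; then
            echo "WARN proxy_arp also enabled on $ifname"
            rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK forwarding and proxy_arp set for $lan_if"
    return "$rc"
}
# Usage on the gateway host: audit_relay_host eth1
```

Values written into /proc with echo do not survive a reboot, so rerun the check after the host restarts.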
