I asked recently about routing packets via OpenVPN with the packets addressed to the public address of the remote end, and I wanted to know how to stop the packets that would establish the VPN from being routed over the as-yet non-existent VPN. Tom helpfully suggested:
    NONAT   $FW     net:$SystemB_ExtIP   udp   1194
    DNAT    all     vpn:172.16.92.2      all   -   -   $SystemB_ExtIP

That worked (thanks), and all packets originating in the LOC and DMZ of the firewall are routed over the VPN. However, if I ping SystemB_ExtIP from the firewall itself, the packet is routed over the VPN correctly but has a source address of the external IP, whereas it needs to have a source address of the VPN. In other words, packets that originate on the firewall and that are destined for the public address of SystemB need to have their source IP set to 172.16.92.1.

I hope I have been clear in my description of the problem. What do I need to do to achieve the desired result?

Thanks,
Keith
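A check for the symptom described above, added here and not part of Keith's post or Shorewall itself: for locally generated packets the kernel picks the source address from the route lookup for the original destination, so `ip route get <SystemB_ExtIP>` shows which address the firewall will use. Assumptions: the VPN interface name (tun0) and the sample addresses are constructed placeholders.

```shell
#!/bin/sh
# Extract the "src" field from one line of `ip route get` output.
# $1: one output line such as "203.0.113.10 dev tun0 src 172.16.92.1 uid 0"
route_src() {
    printf '%s\n' "$1" | sed -n 's/.* src \([0-9.]*\).*/\1/p'
}

# Return 0 when the line's src equals the expected address ($2), else 1.
src_matches() {
    [ "$(route_src "$1")" = "$2" ]
}

# Live check on the firewall: which source address does the kernel pick for $1?
preferred_src() {
    route_src "$(ip -4 route get "$1" 2>/dev/null | head -n 1)"
}

# Constructed sample lines (hypothetical addresses, not from the post):
# the symptom, where the public address is reached via eth0 with the external IP,
SAMPLE_SYMPTOM='203.0.113.10 via 198.51.100.1 dev eth0 src 198.51.100.2 uid 0'
# and the desired state, where the lookup yields the VPN address.
SAMPLE_DESIRED='203.0.113.10 dev tun0 src 172.16.92.1 uid 0'

# Usage on the firewall: preferred_src "$SystemB_ExtIP"
# A result other than 172.16.92.1 reproduces the problem described above.
```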
