IPSec won't let any traffic outside the encryption domain go inside the tunnel.
You'd need to ask the carrier to add your new IP to the encryption domain on his side, and do the same on yours. Alternatively, you could use stunnel or the tricks you mentioned to fake the traffic to appear as coming from the server you have on the encryption domain.

Hope it helps,
Alex

On Friday, September 9, 2011, Nicolas de Bari Embriz Garcia Rojas wrote:

> Hi guys, first of all, sorry if this is kind of 'off-topic' but I think
> that maybe some of you have already passed the following situation,
> and would like to know your feedback.
>
> I made a connection to an SMSC center of an operator that requires a
> VPN IPSEC. The flow is something like this:
>
> 172.16.16.1 --> 174.126.103.210 --> INTERNET <--- 200.46.161.143 <--- 10.1.24.4
>
> my side is 172.16.16.1, the operator SMSC 10.1.24.4
>
> the IPs were assigned by them and the tunnel end points have mask 32
> so I can not extend it to something like 172.16.16.0/24.
>
> Anyway I successfully configured the VPN, from my side a "poor man's
> FreeBSD/racoon server" versus a huge CISCO PIX appliance, so far, so
> good. VPN up and running and I can telnet 10.1.24.4 etc.
>
> Now, on the same server I have a subnet with the range of
> 192.168.3.0/24, and on a jail 'kind of VPS within FreeBSD' I have an
> instance of kannel, but the routing/NAT issue is driving me crazy, I
> can found a way to route traffic from 192.168.3.0/24 so it can reach
> 10.1.24.4 (the smsc center) using NAT:
>
> I posted here more detailed information:
>
> http://forums.freebsd.org/showthread.php?t=26245
>
> One way I have found to solve this, is to use software like 'jumpgate'
> or 'balance' that act like a TCP proxy, but I would like to know if
> this can really work with NAT.
>
> Sorry again if this is "off-topic", any ideas/comments/tips would be
> appreciated, blames > /dev/null
>
> regards.
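
Added example, not part of either message: a small Python model of the selector (encryption domain) check discussed in this thread, showing why a 192.168.3.0/24 source is not carried by the /32 tunnel and which of the suggested fixes change that. The jail address 192.168.3.10, all names, and the assumption that source NAT is applied before the IPsec policy lookup are illustrative.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Selector:
    local: str    # CIDR on this gateway's side
    remote: str   # CIDR on the other gateway's side

    def covers(self, local_ip, remote_ip):
        return (ip_address(local_ip) in ip_network(self.local)
                and ip_address(remote_ip) in ip_network(self.remote))

# /32 selectors from the thread, as seen from each gateway.
MINE = [Selector("172.16.16.1/32", "10.1.24.4/32")]
CARRIER = [Selector("10.1.24.4/32", "172.16.16.1/32")]

def send(src, dst, mine=MINE, carrier=CARRIER):
    """Outcome for a packet src -> dst leaving my gateway."""
    if not any(s.covers(src, dst) for s in mine):
        return "not tunnelled"        # no local policy selects it
    if not any(s.covers(dst, src) for s in carrier):
        return "rejected by peer"     # peer has no matching selector
    return "delivered"

def snat(src, dst, inside="192.168.3.0/24", to="172.16.16.1"):
    """Rewrite jail sources to the tunnel address (assumed to run before policy lookup)."""
    return (to if ip_address(src) in ip_network(inside) else src), dst

JAIL = "192.168.3.10"   # constructed host inside 192.168.3.0/24
SMSC = "10.1.24.4"

def demo():
    wide_mine = MINE + [Selector("192.168.3.0/24", "10.1.24.4/32")]
    wide_carrier = CARRIER + [Selector("10.1.24.4/32", "192.168.3.0/24")]
    return {
        "host": send("172.16.16.1", SMSC),
        "jail": send(JAIL, SMSC),
        "widened on my side only": send(JAIL, SMSC, mine=wide_mine),
        "widened on both sides": send(JAIL, SMSC, wide_mine, wide_carrier),
        "jail after source NAT": send(*snat(JAIL, SMSC)),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:26} {outcome}")
```

A TCP proxy bound to 172.16.16.1 has the same effect as the source NAT case here: the carrier only ever sees the address already in its selector.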
