mxb <m...@alumni.chalmers.se> wrote:

> 
> Have you done the routing on the client side?
> The client, after connecting to L2TP, should know how to reach your
> internal network where web3 lives.
> 

Thanks Maxim!!! I got things to work. I now have a fully functional web
server accessible only via L2TP on the same physical IP address and the
same port as another public web server.

I would like to thank you (L2TP howto and Undeadly article), Brian S.
Vangsgaard (L2TP howto), and Marko Cupac (PPTP howto which works like a
charm and was really useful for debugging). Of course, big thanks to
all OpenBSD developers who put long hours into the amazing IPsec layer
and npppd daemon.

Predrag

P.S. Does anyone feel like updating Maxim Bourmistrov's Undeadly article?

http://undeadly.org/cgi?action=article&sid=20120427125048

I could write up a summary of what you have essentially sent me and my own
experience getting it to work, but you guys really deserve all the credit.


> //mxb
> 
> > On 31 mar 2015, at 23:17, Predrag Punosevac <punoseva...@gmail.com> wrote:
> > 
> > Hi Misc,
> > 
> > Thanks to several kind folks I got the L2TP server to work like a charm
> > on 5.7. I will post my configuration files in a day or two as I am
> > working on a very tight deadline.
> > 
> > I am facing now another probably trivial problem.
> > 
> > I would like the L2TP server to serve as a web gateway to one of my
> > websites.
> > 
> > 
> > Namely I have something like this
> > 
> > Internet ----> Firewall/L2TP/Nginx ----> insecure web using Nginx proxy
> >                                    ----> insecure web2 using Nginx proxy
> >                                    ----> sec web3 only available to L2TP
> > 
> > 
> > I have a problem getting web3 to be available to L2TP folks. I was trying
> > to rdr the incoming traffic on the VPN interface tun0 address 10.0.0.1 to
> > a host behind the firewall on my private LAN. It didn't work.
> > 
> > I tried to use nginx as a proxy, declaring 10.0.0.1 to be the
> > interface and redirecting to a virtual host, but all I get is for nginx
> > to push that traffic to one of the hosts web and web2, which use the same
> > port but a different non-VPN address (the same physical interface with
> > tun0).
> > 
> > The only thing I have not done is use the enc0 interface. Can somebody
> > point me in the general direction of how to solve this problem?
> > 
> > Most Kind Regards,
> > Predrag Punosevac
