--- Quoting RW on 2007/04/30 at 16:52 +1000:

> Existing setup:
> 
> Head Office: 
> WAN IP=165.x.y.z
> LAN = 172.22.22.0/24
> Extranet gateway = 10.x.y.1
> 
> Branch Office:
> WAN IP=150.x.y.z
> LAN= 172.22.23.0/24
> 
> IPsec endpoints are OpenBSD firewalls and LAN to LAN connectivity is
> fine.
> 
> My challenge is to get traffic to pass from a host on the Branch LAN
> over the IPsec tunnel to a host on the Extranet via gateway 10.x.y.1.
> 
> If I could add a route entry that used the LAN IP of the H/O firewall
> life would be easy but of course addresses that are only visible through
> IPsec don't appear in the routing table to be used as the next hop.
> 
> Is there a way to do this using either route or pf or ipsec itself?
> Some other method?
> 
> I have to be able to get traffic to several hosts on the extranet (and
> get the replies back!) and they are only reachable via the extranet
> gateway on the head office firewall.
> 
> Cluestick, anybody?


Set up your flows appropriately on the branch ipsec gateway to get
traffic over the tunnel and to the head office. On the HO endpoint,
set up a normal route to push the traffic to the extranet gateway.





.joel
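
A sketch of the configuration the reply describes, added here as an example and not part of either poster's message. It assumes the ipsec.conf(5)/ipsecctl(8) setup on both OpenBSD firewalls; `EXTRANET_NET/PREFIX` and the macro names are placeholders, since the thread does not give the extranet hosts' network, and the masked `x.y.z` addresses are kept as posted.

```conf
# --- Branch firewall: /etc/ipsec.conf --------------------------------
# Placeholders: fill in the real addresses. extranet_net is the network
# of the extranet hosts behind 10.x.y.1 (not given in the thread).
ho_peer      = "165.x.y.z"
extranet_net = "EXTRANET_NET/PREFIX"

# Existing LAN-to-LAN flow (keep whatever auth/psk options it already has)
ike esp from 172.22.23.0/24 to 172.22.22.0/24 peer $ho_peer
# Added flow: Branch LAN to the extranet hosts, same tunnel peer
ike esp from 172.22.23.0/24 to $extranet_net peer $ho_peer

# --- Head Office firewall: /etc/ipsec.conf ---------------------------
branch_peer  = "150.x.y.z"
extranet_net = "EXTRANET_NET/PREFIX"

ike esp from 172.22.22.0/24 to 172.22.23.0/24 peer $branch_peer
# Mirror of the branch's added flow, so both ends negotiate the same
# source/destination pair
ike esp from $extranet_net to 172.22.23.0/24 peer $branch_peer

# --- Head Office firewall: routing (run as root) ---------------------
# Ordinary static route: extranet hosts via the extranet gateway
#   route add EXTRANET_NET/PREFIX 10.x.y.1
#
# Reload the flows on each firewall after editing:
#   ipsecctl -f /etc/ipsec.conf
#
# Replies only come back if the extranet side routes 172.22.23.0/24
# toward the Head Office firewall, and pf on that firewall passes the
# traffic in both directions.
```

`ipsecctl -s flow` on each firewall lists the loaded flows, which confirms that the extranet pair is present at both ends.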
