Hello,

I wish you a happy new year.

I have some trouble with my new OpenBSD router.
I installed the latest version, 4.4. I compiled the kernel with the RAIDframe
options.

This router is running services for :
- OSPF
- PF
- CARP
- IPSEC/ISAKMPD/SASYNCD

I have trouble with the IPSEC and PF services (rdr rules particularly).

I have a VPN between two peers: A.B.C.D and E.F.G.H
The peer A.B.C.D is running OpenBSD 4.4 and E.F.G.H is running
FreeBSD 6.3.
Behind these two peers, I have many networks. So, I use the IPENCAP protocol
to connect them.

From the host x.x.x.x behind E.F.G.H, I would like to connect to the host
y.y.y.y behind A.B.C.D. This works well.
But when I try to redirect traffic from x.x.x.x to y.y.y.y toward z.z.z.z with a
PF/rdr rule, this doesn't work.

Here is the pf rule used on the peer A.B.C.D:
rdr  from any to y.y.y.y -> z.z.z.z

I also tried these rules:
rdr on enc0 from any to y.y.y.y -> z.z.z.z
rdr on nfe0 from any to y.y.y.y -> z.z.z.z (where nfe0 is a private interface used
to route the traffic).

With the same result...

The traffic is not redirected. I can see on nfe0 the traffic from x.x.x.x to y.y.y.y
instead of traffic from x.x.x.x to z.z.z.z.

With pfctl -s state, I can see a state like this:
nfe0 icmp x.x.x.x:31262 -> y.y.y.y:31262       0:0


Before using this configuration on OpenBSD 4.4, I used it on FreeBSD 6.3.
Everything is OK.

I have been searching for documentation on the web, without success for the
moment.

Maybe someone can help me here.

Thank you.
