Hello everybody,

is there any way to route traffic between two ipsec tunnels, like in this
example:

Lan1---|Router1|--Wan1---|INTERNET|---Wan2---|Router2|---Lan2
                                                    |
                                                 Wan3
                                                    |
                                              |Router3|
                                                    |
                                                  Lan3

Router1 is at company's headquarters, Router2 is at remote office and Router3
is a customer.
Headquarters' Lan1 is connected to remote office's Lan2 and customer's Lan3
over an IPSec tunnel.
Lan1 <--IPSec--> Lan2
Lan1 <--IPSec--> Lan3

I would like to allow communication between remote office's Lan2 and
customer's Lan3 over Router1.
Lan2 <--IPSec - Router1 - IPSec --> Lan3

In Linux, I would just add one more tunnel from remote office's Wan2 to
headquarters' Wan1 with Lan2 and customer's Lan3 defined as SAs.
Then I would tell iptables to NAT everything from Lan2 to Lan3 --> Lan1 IP.
Request would come from Lan2 to Lan3 over second defined tunnel between
Router2 and Router1 and there it would be NAT-ed to Lan1 IP and sent forward
to Lan3 over the existing tunnel between Router1 and Router3.

Can I do that with pf and isakmpd ?

Thank you very much
