Hello everybody, is there any way to route traffic between two ipsec tunnels, like in this example:

Lan1---|Router1|--Wan1---|INTERNET|---Wan2---|Router2|---Lan2
                              |
                            Wan3
                              |
                          |Router3|
                              |
                            Lan3

Router1 is at the company's headquarters, Router2 is at a remote office and Router3 is a customer. Headquarters' Lan1 is connected to the remote office's Lan2 and the customer's Lan3 over an IPSec tunnel.

Lan1 <--IPSec--> Lan2
Lan1 <--IPSec--> Lan3

I would like to allow communication between the remote office's Lan2 and the customer's Lan3 over Router1.

Lan2 <--IPSec - Router1 - IPSec --> Lan3

In Linux, I would just add one more tunnel from the remote office's Wan2 to headquarters' Wan1 with Lan2 and the customer's Lan3 defined as SAs. Then I would tell iptables to NAT everything from Lan2 to Lan3 --> Lan1 IP. A request would come from Lan2 to Lan3 over the second defined tunnel between Router2 and Router1, and there it would be NAT-ed to the Lan1 IP and sent forward to Lan3 over the existing tunnel between Router1 and Router3.

Can I do that with pf and isakmpd?

Thank you very much
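
The following is an added example, not part of the original post: a small Python model of the traffic-selector matching on Router1 for the relay described above, showing why the source NAT to a Lan1 address is what lets a Lan2 packet fit the existing Lan1 <--> Lan3 tunnel. The subnets, the NAT address and the function names are constructed assumptions.

```python
import ipaddress as ip

# Constructed example networks (assumptions, not taken from the post).
LAN1, LAN2, LAN3 = (ip.ip_network(n)
                    for n in ("10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"))
LAN1_NAT_IP = ip.ip_address("10.1.0.254")  # hypothetical Lan1 address used for source NAT

# Traffic selectors on Router1: (name, local network, remote network).
ROUTER1_POLICIES = [
    ("R1-R2 Lan1<->Lan2", LAN1, LAN2),
    ("R1-R3 Lan1<->Lan3", LAN1, LAN3),
    ("R1-R2 Lan3<->Lan2", LAN3, LAN2),  # the extra tunnel the post proposes
]

def match_in(src, dst, policies=ROUTER1_POLICIES):
    """Policy that accepts a decrypted inbound packet, or None."""
    for name, local, remote in policies:
        if src in remote and dst in local:
            return name
    return None

def match_out(src, dst, policies=ROUTER1_POLICIES):
    """Policy that would encrypt an outbound packet, or None."""
    for name, local, remote in policies:
        if src in local and dst in remote:
            return name
    return None

def relay(src, dst, snat=True):
    """Follow one Lan2 -> Lan3 packet through Router1."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    inbound = match_in(src, dst)
    # Source NAT is applied before the outbound selector lookup.
    out_src = LAN1_NAT_IP if (snat and src in LAN2 and dst in LAN3) else src
    outbound = match_out(out_src, dst) if inbound else None
    return {"inbound": inbound, "out_src": str(out_src), "outbound": outbound}

if __name__ == "__main__":
    print(relay("10.2.0.10", "10.3.0.20", snat=True))
    print(relay("10.2.0.10", "10.3.0.20", snat=False))
```

With `snat=False` the outbound lookup returns no policy: the packet still carries a Lan2 source, which Router3's Lan1 <--> Lan3 selectors do not cover, so it would not be carried by the existing tunnel.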