Hi,

That may work in Jeff's case but we have the same problem in a quite complex setup and have only found more or less ugly work-around solutions.

I don't have the problem fresh in my head but from what I remember it seemed to me that the general problem is that the IPSEC routing associations take precedence over the routing table, even when a more specific route is found in the routing table. I didn't find a way to "mix" the tables, for example in the following way:

0/0 -> A (over IPSEC)
10/8 -> B
10.1/16 -> A (over IPSEC)
10.1.1/8 -> B
Etc...

For us, NAT is not a possible solution (please don't ask why).

Is there a way to address this issue that I've missed, or are there any plans of solving this? We're using OpenBSD 4.x and PF.

Kind regards,
Fredrik Widlund

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter N. M. Hansteen
Sent: den 21 augusti 2008 10:10
To: pf@benzedrine.cx
Subject: Re: Routing VPNs through a second interface.

Jeff Simmons <[EMAIL PROTECTED]> writes:

> Heh. That works. But I sure pity the fool who has to take this over if I get
> hit by the proverbial bus. ;-)

...