Re: two vpn endpoints ... 3 net connections
--On 14 October 2005 09:02 +1000, Dave Harrison wrote:

>>> Here's my problem, I have a remote machine that has two links, one is
>>> high bandwidth but has bad latency, the other has low bandwidth but
>>> good latency.
>>
>> pf.conf(5), look at 'route-to' and 'reply-to'. Use PF rules to send ssh
>> over the fast link and ftp over the fat link (etc).
>
> The problem is that it's not the routed traffic I'm concerned with, it's
> the ISAKMP traffic that is directed to the firewall/vpn endpoint itself
> (as opposed to something behind that machine). Route-to doesn't work for
> the firewall machine itself I don't think,

Seems that it does on my colo'd netra (at least for plain ip, admittedly I've not tried it with ipsec).
Re: two vpn endpoints ... 3 net connections
Stuart Henderson wrote:
> --On 14 October 2005 08:32 +1000, Dave Harrison wrote:
>
>> Here's my problem, I have a remote machine that has two links, one is
>> high bandwidth but has bad latency, the other has low bandwidth but
>> good latency.
>
> pf.conf(5), look at 'route-to' and 'reply-to'. Use PF rules to send ssh
> over the fast link and ftp over the fat link (etc).
>

The problem is that it's not the routed traffic I'm concerned with, it's the ISAKMP traffic that is directed to the firewall/vpn endpoint itself (as opposed to something behind that machine). Route-to doesn't work for the firewall machine itself I don't think, just for those machines passing traffic through it (although I had considered using reply-to, but I'm not sure how to use it for this scenario).
Re: two vpn endpoints ... 3 net connections
--On 14 October 2005 08:32 +1000, Dave Harrison wrote:

> Here's my problem, I have a remote machine that has two links, one is
> high bandwidth but has bad latency, the other has low bandwidth but
> good latency.

pf.conf(5), look at 'route-to' and 'reply-to'. Use PF rules to send ssh over the fast link and ftp over the fat link (etc).