Well, I've got it. It turns out it's kind of easy, although not
as pretty as it could be.
Basically, you use relayd. The one caveat is that this means that
from the OpenBSD box, you need to be able to talk to the remote,
private IPs without binding to a particular address.
In relayd.conf, you e
Toby,
Actually, I was initially using my local subnet address rather than
"any", but I realized that if I did so, this address could be seen on
the remote vpn server by looking at the flows table.
After setting the "from any" rule, I realized that, yes it was more or
less working as expected, but it
On Fri, Aug 15, 2008 at 05:09:08PM +0900, william dunand wrote:
> Of course, as it is a testing environment it is a lot easier to make
> it work for me...
> On the remote side, I configured something like this (I suppose they
> have something of this kind on the other side) :
> ike passive esp from
Of course, as it is a testing environment it is a lot easier to make
it work for me...
On the remote side, I configured something like this (I suppose they
have something of this kind on the other side) :
ike passive esp from 172.25.0.1 to A.B.C.D
And on the local server side, all I have is :
ike
On Fri, Aug 15, 2008 at 01:24:59PM +0900, william dunand wrote:
> Hi,
>
> I tried to reproduce what you want in my testing environment and
> managed to make it work.
>
> What you have to do is :
> - In your ipsec.conf, add a rule from your local network to the
> distant 172.25.0.1 (this rule is
>> I can ping a host from LAN_A to a host on LAN_B
>>
>> I hope this can help!
>>
>>
>>
>>
>>
>> Original Message
>>
>>>
>>> Date: Wed, 13 Aug 2008 16:41:20 -0400
>>> From: Toby Burress <[EMA
on LAN_B
I hope this can help!
Original Message
Date: Wed, 13 Aug 2008 16:41:20 -0400
From: Toby Burress <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: Using PF to NAT internal addresses over an IPSec link
I have an IPSec connection set up to an
-Nachricht
> Date: Wed, 13 Aug 2008 16:41:20 -0400
> From: Toby Burress <[EMAIL PROTECTED]>
> To: misc@openbsd.org
> Subject: Using PF to NAT internal addresses over an IPSec link
> I have an IPSec connection set up to an external site, over which
> I have no control an
I have an IPSec connection set up to an external site, over which
I have no control and whose topology I know nothing about (i.e. I
don't know what subnets they use, etc.) Using ipsecctl, I have one
flow set up, from my external IP A.B.C.D to an internal IP on their
side, 172.25.0.1.
I can ping