Date: Fri, 20 Aug 2004 17:36:02 -0500
From: Chris <racerx@makeworld.com>
To: Geert Hendrickx <geert.hendrickx@ua.ac.be>
Cc: freebsd-questions@freebsd.org
Subject: Re: configuration of ip adresses on vpn router
Message-ID: <41267CD2.4040109@makeworld.com>
In-Reply-To: <20040820222529.GA53077@lori.mine.nu>
References: <20040820222529.GA53077@lori.mine.nu>

Geert Hendrickx wrote:
> Hi,
>
> I have set up a VPN with OpenVPN (ports/security/openvpn). It works
> fine on the clients behind either router, but I'm still having a little
> problem with it. Setup is like this:
>
> LAN
> 192.168.1.x
>      |
>      |
> 192.168.1.20
> VPN-router (FreeBSD)
> 10.0.0.1
>      |
>      |
> 10.0.0.2
> VPN-router (OpenBSD)
> 10.65.28.20
>      |
>      |
> 10.65.28.x
> LAN
>
> where the 10.0.0.x are virtual devices (/dev/tun0), they are tunneling
> the traffic through hardware routers which are connecting both sites to
> the Internet.
>
> Now when I make a connection from, say, 192.168.1.210 to 10.65.28.38,
> packets are sent across the networks ok. But when I make a connection
> from 192.168.1.20 (the vpn router itself) to 10.65.28.38, the latter one
> sees the packets coming from 10.0.0.1, and it does not know how to route
> them back.
>
> I could solve this by adding extra routes (either on each client or on
> the hardware routers which are the default route for each site), but
> then there still is a problem if I want to restrict access to some
> services, based on ip address. I would have to allow access from the
> 10.65.28.x network, the 192.168.1.x network (that's ok), but also from
> the 10.0.0.x network (which is only virtual). This may seem correct,
> but I'm having problems with the fact that the clients get to see these
> addresses. They shouldn't. When I make a connection from one of the
> vpn-routers to any of the clients, I want the source address to be
> 192.168.1.20, not 10.0.0.1 (or 10.65.28.20, not 10.0.0.2, respectively).
>
> Is that possible?
>
> GH

Is this a FreeBSD project or Open? Since this is both places.

--
Best regards,
Chris

First rule of intelligent tinkering:
Save all the parts