configuration of ip addresses on vpn router
Chris
racerx at makeworld.com
Fri Aug 20 15:36:08 PDT 2004
Geert Hendrickx wrote:
> Hi,
>
> I have set up a VPN with OpenVPN (ports/security/openvpn). It works
> fine on the clients behind either router, but I'm still having a little
> problem with it. Setup is like this:
>
> LAN
> 192.168.1.x
> |
> |
> 192.168.1.20
> VPN-router (FreeBSD)
> 10.0.0.1
> |
> |
> 10.0.0.2
> VPN-router (OpenBSD)
> 10.65.28.20
> |
> |
> 10.65.28.x
> LAN
>
> where the 10.0.0.x are virtual devices (/dev/tun0), they are tunneling
> the traffic through hardware routers which are connecting both sites to
> the Internet.
>
> Now when I make a connection from, say, 192.168.1.210 to 10.65.28.38,
> packets are sent across the networks ok. But when I make a connection
> from 192.168.1.20 (the vpn router itself) to 10.65.28.38, the latter one
> sees the packets coming from 10.0.0.1, and it does not know how to route
> them back.
>
> I could solve this by adding extra routes (either on each client or on
> the hardware routers which are the default route for each site), but
> then there still is a problem if I want to restrict access to some
> services, based on IP address. I would have to allow access from the
> 10.65.28.x network, the 192.168.1.x network (that's ok), but also from
> the 10.0.0.x network (which is only virtual). This may seem correct,
> but I'm having problems with the fact that the clients get to see these
> addresses. They shouldn't. When I make a connection from one of the
> vpn-routers to any of the clients, I want the source address to be
> 192.168.1.20, not 10.0.0.1 (or 10.65.28.20, not 10.0.0.2, respectively).
>
> Is that possible?
>
> GH
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>
Is this a FreeBSD project or Open? Since this is both places.
--
Best regards,
Chris
First rule of intelligent tinkering:
Save all the parts
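
Added example, not part of the original thread: a small Python model of the behaviour described in the quoted question, showing why forwarded LAN traffic keeps its 192.168.1.x source while connections opened on the VPN router itself leave with the tun0 address, and how that interacts with an address-based service ACL. The interface name `lan0`, the route list and the ACL are assumptions constructed for illustration; the addresses come from the post.

```python
import ipaddress

# Constructed model of the FreeBSD VPN router in the post.
# "lan0" is a placeholder interface name; tun0 and the addresses are from the post.
INTERFACES = {"lan0": "192.168.1.20", "tun0": "10.0.0.1"}

# Assumed routing table on that router: (destination network, egress interface).
ROUTES = [
    ("192.168.1.0/24", "lan0"),
    ("10.0.0.2/32", "tun0"),     # tunnel peer
    ("10.65.28.0/24", "tun0"),   # remote LAN reached through the tunnel
]

# Constructed service ACL on a remote host: only the two real LANs are admitted.
ALLOWED = ["192.168.1.0/24", "10.65.28.0/24"]


def egress_interface(dst):
    """Pick the egress interface by longest-prefix match over ROUTES."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), ifc) for net, ifc in ROUTES
            if addr in ipaddress.ip_network(net)]
    if not hits:
        raise LookupError("no route to " + dst)
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def source_seen_by_peer(dst, forwarded_from=None, bind=None):
    """Return the source address the destination sees.

    Forwarded packets keep the sender's address. Locally originated
    packets use the address the socket was bound to, or, when unbound,
    the address of the interface the route points at.
    """
    if forwarded_from is not None:
        return forwarded_from
    if bind is not None:
        return bind
    return INTERFACES[egress_interface(dst)]


def acl_permits(src):
    """Check a source address against the constructed ACL."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(net) for net in ALLOWED)


if __name__ == "__main__":
    for label, kwargs in [("LAN client, forwarded", {"forwarded_from": "192.168.1.210"}),
                          ("router, unbound socket", {}),
                          ("router, bound to LAN address", {"bind": "192.168.1.20"})]:
        src = source_seen_by_peer("10.65.28.38", **kwargs)
        print(f"{label:30} src={src:15} acl={'permit' if acl_permits(src) else 'deny'}")
```
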