network routing and vpn connectivity

Louis LeBlanc freebsd at keyslapper.org
Sun Mar 14 07:42:53 PST 2004


On 03/14/04 08:35 AM, Lowell Gilbert sat at the `puter and typed:
> Louis LeBlanc <freebsd at keyslapper.org> writes:
> 
> > I have a strange network question.
> > 
> > I finally found the vpn client that actually manages to open a
> > connection to the Cisco vpn appliance my employer uses with a minimum
> > of pain (security/vpnc).  The problem I'm having is making it possible
> > for my FreeBSD desktop at work to retain access to my FreeBSD desktop
> > at home while the vpn connection is active - in other words, I can
> > only get one way access.
> > 
> > This is why:
> > With the vpn connection established, the only way the home machine can
> > connect to the work machine (via ssh, for example) is if I route the
> > work IP through the vpn device (tun1 in my case).  Problem is that
> > when work tries to connect, home tries to route the response through
> > the vpn.
> 
> Why shouldn't it do just that?  It's sending a packet to the same
> address, why wouldn't it send the packet the same way?

This is how I understand the problem:

Home connects to vpn1 at work, creating a tun1 device.  Problem is
that vpnc doesn't create a default route to vpn1.  Point is that I
don't want EVERYTHING going through tun1, because that would cause
problems with mail traffic coming from other places (this is my home
network gateway).

Once I set up routes to the vlan that Work belongs to, setting up the
IP given to tun1 as the gateway, Home can connect to work.

Problem is that the default route still goes to tun0 (my dsl device)
which cannot change without interfering with all other traffic into
the box.

The question is can I set things up so that Work will come through the
VPN pipe to get to Home?

I'm starting to think I can't.

Lou
-- 
Louis LeBlanc               leblanc at keyslapper.org
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://www.keyslapper.org

