OSEC

Routing and Bridge

From: David de Gruyl (davidbhaermandegruyl.org)
Date: Thu Oct 02 2003 - 08:47:38 CDT


Apparently I made a mistake in the setup of a remote office, when I sent
an OpenBSD box for use as a firewall. I set up a bridging firewall in
that office, but I think that I am regretting that decision. The
structure is:

lan ----------------- Firewall ---------------- router ---- internet
192.168.65.0/24       int: 192.168.65.7        int: 192.168.65.254
gw: 192.168.65.254    ext: public IP           ext: public IP

The firewall is also handling IPsec via isakmpd, and the connections are
being established, and working from that machine. Incoming connections
through the VPN tunnels are arriving, and being routed to the lan, but
responses are going out the default route.

I am hoping that changing to a non-bridging IP scheme will eliminate the
problems with respect to routing of IP packets, through the IPsec
tunnels. So I plan on using:

lan ----------------- Firewall ---------------- router ---- internet
192.168.65.0/24       int: 192.168.65.254      int: public IP
gw: 192.168.65.254    ext: public IP           ext: same as int

Is this the advisable solution, so that packets will be routed from the
internal network to the VPN tunnels? (I have a setup similar to this at
two other locations, which do not experience the routing issues).

Thank you,
David
--
David de Gruyl <davidbhaermandegruyl.org>
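A small model of the forwarding decision in the two layouts from the question, added here as an illustration and not part of the original post. It assumes a constructed remote-office subnet (10.20.0.0/16) behind the VPN, and that the firewall's IPsec flows are only consulted for packets its own IP stack routes, not for frames it bridges at layer 2.

```python
import ipaddress

# Constructed value for the example: the remote office reachable over the VPN.
REMOTE_VPN_NET = "10.20.0.0/16"
LAN_NET = "192.168.65.0/24"

# LAN host routing table, identical in both layouts (gw 192.168.65.254).
LAN_HOST_ROUTES = [(LAN_NET, "direct"), ("0.0.0.0/0", "192.168.65.254")]

# Which box owns 192.168.65.254 in each layout, per the two diagrams.
GATEWAY_DEVICE = {"bridged": "router", "routed": "firewall"}

# IPsec flows (SPD entries) on the firewall, as (local_net, remote_net).
FIREWALL_FLOWS = [(LAN_NET, REMOTE_VPN_NET)]


def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def flow_matches(src, dst):
    """True if one of the firewall's IPsec flows covers this src/dst pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
               for local, remote in FIREWALL_FLOWS)


def reply_path(layout, src, dst):
    """Where a LAN host's reply to dst ends up in the given layout."""
    next_hop = lookup(LAN_HOST_ROUTES, dst)
    if next_hop == "direct":
        return "lan"
    if GATEWAY_DEVICE[layout] == "router":
        # The bridge passes the frame at layer 2 to the router; the firewall's
        # IP stack never routes it, so its IPsec flows are never consulted.
        return "router-default-route"
    if flow_matches(src, dst):
        return "ipsec-tunnel"
    return "firewall-default-route"
```

In the bridged layout the reply to the remote subnet reaches the router and leaves in cleartext via the default route; once the firewall holds 192.168.65.254 the same reply matches the flow and enters the tunnel.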