Subject: Re: VPN and routing
To: None <tech-net@NetBSD.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-net
Date: 10/17/2007 11:24:21
>>>>> "Matthias" == Matthias Scheler <tron@zhadum.org.uk> writes:
Matthias> [This really belongs on "tech-net@NetBSD.org"]
Matthias> On Mon, Oct 15, 2007 at 02:08:53PM -0500, Steve Pribyl
Matthias> wrote:
>> How do I get my NetBSD box to route on the same network?
>>
>> 192.168.0.0/24--->[netbsd box 192.168.0.1] ^
>> |
>> [via IPSEC VPN 192.168.0.200/24]--|
>>
>> The NetBSD box is running 4.0 rc2 racoon and pf.
>>
>> How do I get the NetBSD box to "listen" for VPN-destined traffic,
>> or is this just not the way to do it?
Matthias> Is that your problem?
I don't think you got it.
I think he has extruded the IP 192.168.0.200 to this remote machine.
The gateway is 192.168.0.1. The question is, how can he make
192.168.0.1 pick up packets for .200 and send them over the link.
The answer is proxy-arp.
--
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [