
bimap on enc0 for VPN address collision prevention



I am one of the lucky guys that can work from home and sleep in
every day. I do that (the work, not the sleep) with a VPN to the
office. Since several offices will be connected with this VPN,
clashes in the address ranges of the private networks are
likely to happen. In fact, one is happening already. Since my
network is smaller, I have to move.

I decided that it would be easiest and the least work if I did
not move the net but mapped it to another IP range for the outside.
It would make sense to do this on my OpenBSD firewall, which is
at the same time a peer in the VPN network.
My local net is 192.168.1.0/24; I want it to look like
192.168.31.0/24.

So I configured the VPN to tunnel packets from and to
192.168.31.0/24 as a peer local net. To map my net I have this
ipnat.rules:

map de1 192.168.1.0/24 -> 195.84.105.112/32  proxy port ftp ftp/tcp
 
map de1 192.168.1.0/24 -> 195.84.105.112/32  portmap tcp/udp 40000:60000
map de1 192.168.1.0/24 -> 195.84.105.112/32
 
bimap enc0 192.168.1.1/32 -> 192.168.31.1/32
bimap enc0 192.168.1.10/32 -> 192.168.31.10/32
bimap enc0 192.168.1.11/32 -> 192.168.31.11/32
bimap enc0 192.168.1.100/32 -> 192.168.31.100/32

It does not work though. No packets get through. It worked well
before the address mapping, so I am pretty certain that this is
the point where it breaks.

Has someone done this before? Who can help me?
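
The address plan described in the post, as an added example that is not part of the original message: it checks a candidate range against the peer office networks for overlap and derives the per-host 1:1 translations in the same bimap form as the rules above. The peer network list and the function names are constructed for illustration (the post does not list the other offices' ranges), and the script only checks the addressing, not why traffic fails to pass.

```python
import ipaddress

def map_host(host, local_net, mapped_net):
    """Translate host 1:1 into mapped_net, keeping its host bits."""
    local = ipaddress.ip_network(local_net)
    mapped = ipaddress.ip_network(mapped_net)
    addr = ipaddress.ip_address(host)
    if local.prefixlen != mapped.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if addr not in local:
        raise ValueError(f"{host} is not in {local_net}")
    offset = int(addr) - int(local.network_address)
    return str(mapped.network_address + offset)

def collisions(net, peer_nets):
    """Return the peer networks whose range overlaps net."""
    n = ipaddress.ip_network(net)
    return [p for p in peer_nets if n.overlaps(ipaddress.ip_network(p))]

def bimap_rules(iface, hosts, local_net, mapped_net, peer_nets):
    """Build per-host bimap lines in the form used in the post."""
    clash = collisions(mapped_net, peer_nets)
    if clash:
        # The replacement range must itself be free of overlaps.
        raise ValueError(f"{mapped_net} still collides with {clash}")
    return [f"bimap {iface} {h}/32 -> {map_host(h, local_net, mapped_net)}/32"
            for h in hosts]

# Constructed sample: the peer office ranges are assumptions, not from the post.
PEER_NETS = ["192.168.1.0/24", "10.20.0.0/16"]
# Host addresses taken from the bimap rules in the post.
HOSTS = ["192.168.1.1", "192.168.1.10", "192.168.1.11", "192.168.1.100"]

if __name__ == "__main__":
    print("local net collides with:", collisions("192.168.1.0/24", PEER_NETS))
    for rule in bimap_rules("enc0", HOSTS, "192.168.1.0/24",
                            "192.168.31.0/24", PEER_NETS):
        print(rule)
```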