[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

isakmpd, VPN-default gw, dhcrelay probs

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: isakmpd, VPN-default gw, dhcrelay probs
From: Leif Larsson <leif_(_dot_)_larsson_(_at_)_l3system_(_dot_)_se>
Date: Mon, 08 Nov 2004 15:05:15 +0100

I have a setup where openbsd1 box is routing all traffic (0.0.0.0/0)
from lan1 to lan2 with isakmpd.

Everything ok so far (ping etc is working).

Now i want to setup a dhcrelay on the internal if (sis0) on lan1 so that
all dhcp-requests get routed to dhcpserver on lan2.

I can see the replies from the dhcpserver exiting enc0 on openbsd1 but i
cannot see them leaving the internal if on openbsd1.

Details:
I have set up two bypass flows (-in and -out) on openbsd1 to be able to
connect internal if with local net hosts.
ipsecadm flow -bypass -in -addr "lan1_addr" "lan1_addr"
ipsecadm flow -bypass -out -addr "lan1_addr" "lan1_addr"

I have also set up a route on openbsd1:
route add "lan2" "internal_if_addr_lan1"

Maybe the x-tra flows and the route seem a bit strange, but keep in mind
that im routing everything (0.0.0.0/0) from lan1 via the tunnel.

Ping is working for all involved hosts
No packet filters
OpenBSD 3.4
dhcrelay from ISC-DHCP 3.0.1 compiled from source. (verified working),
started with either:
"dhcrelay "internal_if_lan1_addr" "dhcpserver_lan2" or
"dhcrelay "dhcpserver_lan2"


Thanks a lot for any ideas,

/Leif

Prev by Date: Re: arguments about OpenBSD's Security
Next by Date: Re: GigE recommendations
Previous by thread: Re: kdm setup on 3.6
Next by thread: Expieriences in isakmpd with more than 150 SA's
Index(es):
- Date
- Thread

Visit your host, monkey.org