> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Helio Santana
> Sent: Tuesday, August 02, 2005 8:58 AM
> To: misc@openbsd.org
> Subject: VPN behind a router
> 
> Hi,
> first, excuse my English, please.
> 
> I'm trying to make a VPN between 2 computers with OpenBSD behind a
> router that is connected to the Internet (see schema)
> 
> Private LAN4 ---- OBSD_4 ---- Router_4 ---- Internet ---- Router_5 ---- OBSD_5 ---- Private LAN5
> 
> Every OBSD has 2 net cards, 1 connected to the router, and the other to
> the hub in the private LAN.
> 
> I have made all steps explained in "man vpn".
> My private LANs are 192.168.4.0/24 and 192.168.5.0/24. The LANs
> between the OBSDs and routers are 192.168.41.0/24 and 192.168.51.0/24.
> 
> Routers redirect all incoming traffic to their respective OBSD and have
> their firewalls disabled.
> 
> External IP Router_4 is A.B.C.D, External IP Router_5 is W.X.Y.Z
> 
> All computers in LAN4 have access to the Internet and can ping
> W.X.Y.Z...
> 
> I can make an ssh connection from OBSD_4 to OBSD_5... even from a
> connection from the Internet.... I can ping, etc.
> 
> The only way I have made it possible to connect the VPN is by configuring
> the routers as modems (I don't know what the name of this is in English;
> in Spanish, 'monopuesto').
> 
> But I need to do it with both routers configured as routers (in Spanish,
> 'multipuesto').
> 
> Thanks in advance,
> Helio.


It appears that the VPN is passing through NAT, which can break standard
VPN setups.  Part of IPsec is AH, which checks to make sure that the
headers are not modified in a strange way.  NAT modifies the packets as
they leave by replacing the return IP address. One common way around
this is to reduce security and use ESP only.
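
The reply's point about AH and NAT, as an added example that is not part of the original thread: a simplified model of the AH and ESP integrity checks, showing that a source-address rewrite invalidates the AH check while the ESP check, which does not cover the outer IP header, still verifies. The key, the host addresses (192.168.41.2 inside, 203.0.113.4 and 198.51.100.5 standing in for A.B.C.D and W.X.Y.Z) and the HMAC-SHA-256 choice are assumptions made for the demonstration.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread
# Constructed addresses: OBSD_4's router-side interface, Router_4 public, Router_5 public
INSIDE, PUBLIC, PEER = "192.168.41.2", "203.0.113.4", "198.51.100.5"

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left at 0 for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def immutable_view(header):
    """Zero the fields AH treats as mutable in transit."""
    h = bytearray(header)
    h[1] = 0                 # TOS
    h[6:8] = b"\x00\x00"     # flags and fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)

def icv(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]

def ah_icv(header, payload):
    """AH: covers the IP header's immutable fields (addresses included) and payload."""
    return icv(immutable_view(header) + payload)

def esp_icv(esp_body):
    """ESP: covers the ESP header and payload only, not the outer IP header."""
    return icv(esp_body)

def forward(header, new_src=None):
    """One router hop: decrement TTL; with NAT, also replace the source address."""
    h = bytearray(header)
    h[8] -= 1
    if new_src:
        h[12:16] = socket.inet_aton(new_src)
    return bytes(h)

def simulate():
    payload = b"constructed payload"
    esp_body = struct.pack("!II", 0x1000, 1) + payload      # constructed SPI, sequence 1
    ah_hdr = ipv4_header(INSIDE, PEER, 51, len(payload))    # protocol 51 = AH
    sent_ah, sent_esp = ah_icv(ah_hdr, payload), esp_icv(esp_body)
    same = hmac.compare_digest
    return {
        "ah_plain_routing": same(sent_ah, ah_icv(forward(ah_hdr), payload)),
        "ah_through_nat": same(sent_ah, ah_icv(forward(ah_hdr, PUBLIC), payload)),
        "esp_through_nat": same(sent_esp, esp_icv(esp_body)),  # NAT never touches the body
    }

if __name__ == "__main__":
    print(simulate())
```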
