I misunderstood your implementation. NAT on router_{4,5} is likely the culprit - if it is doing NAT. If you can pull the NAT functionality into the OBSD boxen, and make router_{4,5} simply route, then this would work. You will ideally need 3 'real' IPs on the Internet for each site to do this though, although you could probably get away with 2.
router = 1 IP
OBSD = 2 IPs (a main fw external IP, and an external alias for the IPSEC interface.)

-C

> -----Original Message-----
> From: Helio Santana [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 02, 2005 10:21 AM
> To: Barry, Christopher
> Subject: Re: VPN behind a router
>
> > I think you mean 'bridge'
> I don't know if bridge is the same as 'monopuesto'... 'monopuesto' is
> the way to make OBSD get the external IP of my router by DHCP, like a
> modem connected to a computer... does this mean 'bridge'? I don't know...
>
> > Q: how can 'rdr' function with pf disabled?
>
> PF is enabled and I sent a sample in my last mail. But I see a little
> light at the end of my tunnel... what 'rdr' line do I need in every
> OBSD?... Oops, sorry... but the sample doesn't say anything about 'rdr'...
> ohhh no, I must be an 'RTFM man'... jajaja. What should the rdr be?
> Thanks,
> Helio.