Routing all traffic through IPSEC VPN

Matt S Wed, 20 Apr 2011 09:55:34 -0700

Hello @misc

I seem to still be having some problems but I have made progress.  The branch 
office cannot get out to the internet at large which I think may be a NAT 
problem.  At least, when changing the default route on the branch office, I 
don't lose connectivity to it.  On the branch office, the routing tables don't 
display unless I use netstat -rn -f inet.  I also cannot traceroute.  Kindly 
advise what pf rules and additionaly static routing is appropriate.


--Main Office--
# The main office has a PPPoE connection to the internet
cat /etc/pf.conf:
pass all
match out on tun0 from 10.40.60.0 to any nat-to (tun0)

cat /etc/hostname.gre0:
inet 172.16.254.1 255.255.255.255 172.16.254.2 link0 up
tunnel hq.valleybusinesssolutions.us vps.valleybusinesssolutions.us

route add -net 10.40.65.0/24 

netstat -r:
Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            phnx-dsl-gw55-247. UGS        3    45750     -     8 tun0
10.40.60/24    link#1             UC         1        0     -     4 em0
10.40.60.3         00:24:2c:07:d4:d0  UHLc       2    25728     -     4 em0
10.40.65/24        172.16.254.2       UGS        0      110     -     8 gif0
phnx-dsl-gw55-247. 71-223-156-37.phnx UH         1        8  1492 4 tun0
loopback           localhost          UGRS       0        0 33200     8 lo0
localhost          localhost          UH         0        0 33200     4 lo0
172.16.254.2       172.16.254.1      UH         1      68     -     4 gif0
BASE-ADDRESS.MCAST localhost          URS        0        0 33200     8 lo0


--Branch Office--
# The branch office has a cable-based internet connection
cat /etc/pf.conf:
pass all
match out on em0 from 10.40.65.0 to any nat-to(em0)

cat /etc/hostname.gre0:
inet 172.16.254.2 255.255.255.255 172.16.254.1 link0 up
tunnel vps.valleybusinesssolutions.us hq.valleybusinesssolutions.us

route add -host hq.valleybusinesssolutions.us 206.125.169.97 #206.125.169.97 is 
the ISP's gateway
route change default 172.16.254.1

netstat -rn -finet
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            172.16.254.1    UGS        0       98     -     8 gif0
10.40.65/24        link#4            UC         0        0     -     4 vether0
71.223.156.37      206.125.169.97 UGHS       0      201  -     8 em0
127/8              127.0.0.1          UGRS       0        0 33160     8 lo0
127.0.0.1          127.0.0.1          UH         1        2 33160     4 lo0
172.16.254.1       172.16.254.2       UH         2       91     -     4 gif0
206.125.169.96/29  link#1             UC         2        0  -     4 em0
206.125.169.97     00:0d:65:ab:c8:bf  UHLc       1        0     -    4 em0
206.125.169.98     52:54:00:27:26:22  UHLc       0        0    -     4 lo0
224/4              127.0.0.1          URS        0        0 33160     8 lo0

Thank you again,
Matt

Routing all traffic through IPSEC VPN

Reply via email to