PS: It's also not limited to netcat (if it were, I would just use the -s
switch on netcat).
I have other daemons on the remote firewalls that I also need to 'phone
home', and so I believe I need to do it by either changing/adding the
VPN policies or packet mangling with PF.
I'd rather not have to create extra tunnels or define VPN policies with
subnets which have prefixes wider than the internal LANs.
That leaves mangling, but I cannot see how I would do the mangling in PF
to make it work without doing a redirect through the loopback etc. Just
wondering if anyone knows of a cleaner way?
thanks :)
On 04/07/13 14:08, Anders Berggren wrote:
When I try to do a ping or otherwise on the remote firewalls to the head office
LAN, I get a 'no route to host' error, which implies that the IPsec VPN policy
route which can be seen in 'route show' is not being used, as the source IP
of the ping/payload is not going to have the firewall's internal LAN address to
match the policy route etc.
Perhaps you've created flows from your LAN network range only? If so, for a ping
to work, you need to specify the local IP, like
ping -I 192.168.1.1 192.168.2.1
Make sure you originate the traffic from an IP included in the flow
specification.
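As an added example (not part of this thread, and not code from OpenBSD or from either poster): the check Anders describes, done mechanically. The script parses flow lines in the style of `ipsecctl -sf` output, asks whether a given (source, destination) pair is covered by an outbound flow, and, when it is not, lists the local networks you would have to originate from (i.e. what to pass to `ping -I` or `nc -s`). The flow lines, addresses and field layout below are constructed for illustration; the parser only relies on the `flow <proto> <in|out> from <src> to <dst>` prefix, so extra fields (peer, srcid, type) are ignored.

```python
import ipaddress
import re

# Constructed sample in the style of `ipsecctl -sf` output (illustrative,
# not captured from a real host). 192.168.1.0/24 plays the remote firewall's
# LAN, 192.168.2.0/24 the head office LAN, 203.0.113.x the public endpoints.
SAMPLE_FLOWS = """\
flow esp in from 192.168.2.0/24 to 192.168.1.0/24 peer 203.0.113.2 type use
flow esp out from 192.168.1.0/24 to 192.168.2.0/24 peer 203.0.113.2 type require
"""

# Only the leading fields matter for source/destination matching.
FLOW_RE = re.compile(
    r"^flow\s+(?P<proto>\S+)\s+(?P<dir>in|out)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
)


def _network(token):
    """Turn a flow address token into a network; 'any' means everything."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    # A bare host address (no prefix) becomes a /32.
    return ipaddress.ip_network(token, strict=False)


def parse_flows(text):
    """Parse flow lines into dicts with 'dir', 'src' and 'dst' networks."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # blank lines or SA lines we do not care about
        flows.append({
            "dir": m.group("dir"),
            "src": _network(m.group("src")),
            "dst": _network(m.group("dst")),
        })
    return flows


def matching_flow(flows, src_ip, dst_ip, direction="out"):
    """Return the first flow of the given direction covering src->dst, or None."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for f in flows:
        if f["dir"] == direction and src in f["src"] and dst in f["dst"]:
            return f
    return None


def candidate_sources(flows, dst_ip):
    """Source networks of outbound flows that reach dst_ip.

    Any address inside one of these networks is a valid -I / -s argument;
    an address outside all of them will be sent in the clear or rejected.
    """
    dst = ipaddress.ip_address(dst_ip)
    return [f["src"] for f in flows if f["dir"] == "out" and dst in f["dst"]]


def explain(flows_text, src_ip, dst_ip):
    """Human-readable verdict for a planned connection."""
    flows = parse_flows(flows_text)
    if matching_flow(flows, src_ip, dst_ip):
        return "ok: %s -> %s is covered by an outbound flow" % (src_ip, dst_ip)
    nets = ", ".join(str(n) for n in candidate_sources(flows, dst_ip))
    if not nets:
        return "no outbound flow reaches %s at all" % dst_ip
    return ("%s is not in any flow to %s; originate from an address in %s "
            "(e.g. ping -I <addr> %s)" % (src_ip, dst_ip, nets, dst_ip))


if __name__ == "__main__":
    # The public interface address is what the kernel picks by default;
    # it is not inside the flow, which is exactly the 'no route to host' case.
    print(explain(SAMPLE_FLOWS, "203.0.113.1", "192.168.2.1"))
    print(explain(SAMPLE_FLOWS, "192.168.1.1", "192.168.2.1"))
```

Run it against real `ipsecctl -sf` output by replacing `SAMPLE_FLOWS` with the captured text; the verdict tells you which local address each daemon needs to bind before you decide whether a PF rewrite is necessary at all.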