Steven S wrote:
> I'm using a pair of 3.8-stable (1/5/06) servers as the firewall and
> default gw (10.10.0.1/16) for a LAN. VPN users (10.4.0.0/16) come
> into the LAN from a PIX (10.10.0.254/16) (changing soon to OpenVPN),
> and when the VPN users hit a server return packets are sent to the
> default gw. I was expecting the OpenBSD server to generate an ICMP
> redirect and all would be well. Unfortunately that is not happening.
> Instead the firewall is sending a host unreachable (yet the fw can
> ping the VPN host).
>
> Any pointers would be appreciated.
I know this is not the answer to your question and I'd like to hear how you wind up getting the OpenBSD box to send the redirects you are looking for, but relying on redirects to do your routing for any length of time is asking for trouble IMHO. You might just be better off, temporarily, putting the PIX behind the OpenBSD box if possible or, if the servers are few, modifying their local route tables until the new VPN solution is in place.
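The second workaround suggested above (a static route on each LAN server so replies to VPN clients go straight to the PIX instead of via the default gateway) looks like this in practice. This is an added example, not code from the thread; the addresses are the ones quoted in the original post, and the helper names, the APPLY switch and the OS coverage (Linux and OpenBSD only) are my own assumptions.

```shell
#!/bin/sh
# Hypothetical helper (added example, not from the thread): install a static
# route on a LAN server so return traffic for the VPN client range is sent to
# the PIX directly, removing the dependence on ICMP redirects from the
# OpenBSD default gateway. Addresses are those quoted in the original post.

VPN_NET="10.4.0.0/16"   # VPN user range (from the post)
PIX_GW="10.10.0.254"    # PIX inside address on the LAN (from the post)

# Print the route command for the given OS name (as reported by uname -s).
# Only Linux and OpenBSD syntax is covered here; anything else is an error.
route_cmd() {
    os="$1"; net="$2"; gw="$3"
    case "$os" in
        Linux)   echo "ip route add $net via $gw" ;;
        OpenBSD) echo "route add -net $net $gw" ;;
        *)       echo "route_cmd: unsupported OS: $os" >&2; return 1 ;;
    esac
}

# Return the command for this host; execute it only when APPLY=1 is set
# (it needs root), otherwise just show what would be run.
add_vpn_route() {
    cmd=$(route_cmd "$(uname -s)" "$VPN_NET" "$PIX_GW") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        $cmd
    else
        echo "dry run: $cmd"
    fi
}

add_vpn_route
```

Run it once as `sh add_vpn_route.sh` to see the command, then `APPLY=1 sh add_vpn_route.sh` as root on each server; the route is not persistent across reboots, which is acceptable for a stopgap until the VPN is moved, but put it in the host's normal route configuration if it needs to survive longer.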