Existing setup:

Head Office: WAN IP = 165.x.y.z, LAN = 172.22.22.0/24, Extranet gateway = 10.x.y.1
Branch Office: WAN IP = 150.x.y.z, LAN = 172.22.23.0/24

IPsec endpoints are OpenBSD firewalls and LAN to LAN connectivity is fine.

My challenge is to get traffic to pass from a host on the Branch LAN over the IPsec tunnel to a host on the Extranet via gateway 10.x.y.1.

If I could add a route entry that used the LAN IP of the H/O firewall, life would be easy, but of course addresses that are only visible through IPsec don't appear in the routing table to be used as the next hop.

Is there a way to do this using either route or pf or ipsec itself? Some other method?

I have to be able to get traffic to several hosts on the extranet (and get the replies back!) and they are only reachable via the extranet gateway on the head office firewall.

Cluestick, anybody?

Rod/

"Write a wise saying and your name will live on forever." - Anonymous