On Fri, Jun 06, 2008 at 08:22:54AM -0400, Richard Daemon wrote:
> On Thu, Jun 5, 2008 at 6:36 PM, Matt Garman <[EMAIL PROTECTED]> wrote:
> > On Thu, Jun 05, 2008 at 03:07:30PM +0200, Almir Karic wrote:
> >> On Wed, Jun 4, 2008 at 5:49 AM, Matt Garman <[EMAIL PROTECTED]> wrote:
> >> > What I'd like to do is have my OBSD box to NAT on the tun device
> >> > (VPN tunnel). I.e., so I can use the VPN connection seamlessly
> >> > from any system on my home network.
> >>
> >> basically you want to route your traffic encrypted to your home
> >> and then let it to internet? to do this kind of a thing i'm using
> >> openvpn in bridged mode and all NAT-ing is done on external
> >> interface, the gateway does not differ between vpn client and
> >> local client). it should be noted that people on this list tend to
> >> prefer ipsec over openvpn.
> >
> > I don't think that's exactly what I want... but perhaps I don't
> > fully understand you.
> >
> > I believe, in the most general sense, I want to NAT across two
> > interfaces. So, if I'm on one of my home computers, and I try to
> > access IP xxx.xxx.xxx.xxx, then:
> >     if xxx.xxx.xxx.xxx is part of the VPN network, NAT on the VPN
> >     device (tun0)
> >     otherwise NAT to the Internet (vr0)
> >
> > It seems like this ought to be pretty trivial, but I'm clearly
> > missing something!
> >
> > Thank you,
> > Matt
> >
>
> Have you checked your routing table?
>
> Maybe you're just missing or need a route to the VPN network, from
> your internal network for when you want to access anything on the
> VPN network from home.

I did check my routing table, and everything looks as I'd expect.
vpnc actually sets this up automatically. That is, the route for
the VPN network is set to tun0.

Does "order" matter? I.e., if I run vpnc after loading the pf rules
versus starting vpnc before pf? In the experimentation I've done,
it doesn't seem to matter, but maybe I overlooked something.

Anyway, thanks again,
Matt