jggimi, 10th November 2010

I said it way back in post #11, and I'll say it again. It looks like you need to add routes. You haven't published your routing tables, but follow along with me, and see if it makes sense.

Without any VPN:

A machine on the 10.1 network wants to send a packet to a machine on the 10.2 network. Oh, that's easy. It's not on this subnet, so I'll route it to my default route. Which happens to be one of the OpenBSD routers.

The router then says to itself, I don't know where the 10.2 network is, so I'll use my default route. Your ISP sees a packet come for a 10.x address and drops it.

----

Now, add back in the VPN. ESP appears AFTER the IP header. So routing must be established between 10.1 and 10.2 by the gateways. Otherwise, the packets are still going to go to your ISP destined for 10.2 and be dropped.

The router in front of 10.1 needs to have routes to 10.2 and 10.3, the router at 10.2 needs routes added for 10.1 and 10.3, etc.

Unless I'm bonkers (and of course, I might be). But you've been mucking about for weeks, perhaps a month, and getting nowhere.

Try establishing routes between the subnets.
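The "without any VPN" walk-through in the post above, and the suggested fix of adding routes on each gateway, modelled as a longest-prefix-match lookup. This is an added example, not part of jggimi's post: the /16 masks, the addresses and the node names (`host1`, `gw1` to `gw3`, `isp`) are assumptions, and ESP itself is not modelled, so a route to a peer subnet simply names the peer gateway as next hop.

```python
import ipaddress

# Constructed topology (assumption): the post only names "10.1", "10.2", "10.3".
GATEWAYS = {"gw1": "10.1.0.0/16", "gw2": "10.2.0.0/16", "gw3": "10.3.0.0/16"}
TERMINAL = {"local", "drop", "internet"}

# Each gateway knows only its own subnet and a default route to the ISP.
BASE = {gw: {net: "local", "0.0.0.0/0": "isp"} for gw, net in GATEWAYS.items()}
BASE["host1"] = {"10.1.0.0/16": "local", "0.0.0.0/0": "gw1"}
# The ISP does not carry private 10.x space, so it drops those packets.
BASE["isp"] = {"10.0.0.0/8": "drop", "0.0.0.0/0": "internet"}

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start` until the packet is delivered or dropped."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        path.append(hop)
        if hop is None or hop in TERMINAL:
            return path
        node = hop
    return path + ["loop"]

def with_routes(tables):
    """Copy the tables and give every gateway a route to the other subnets."""
    fixed = {name: dict(t) for name, t in tables.items()}
    for gw in GATEWAYS:
        for peer, peer_net in GATEWAYS.items():
            if peer != gw:
                fixed[gw][peer_net] = peer
    return fixed

if __name__ == "__main__":
    print("no routes:  ", " -> ".join(trace(BASE, "host1", "10.2.0.5")))
    print("with routes:", " -> ".join(trace(with_routes(BASE), "host1", "10.2.0.5")))
```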