Thread: Route to enc0
30th May 2015
WeakSauceIII
Port Guard
 
Join Date: May 2008
Posts: 36
Route to enc0

So it's been 6 years of problem-free BSDing, but I'm back.....

I have a remote network (Amazon Virtual Private Cloud) attached to my BSD gateway via IPsec in tunnel mode. I can access the internet through my gateway and I can also access any server in that remote 10.x network from my home 192.x network. My question is: how do you route to enc0? I have set the 10.x network at Amazon to use the VPN as the default gateway, so traffic goes from the 10.x server, across the VPN, to my 192.x BSD gateway. This traffic is then NATed out to the internet, hits the remote destination, and the replies come back. The problem is that my IPsec tunnel is

ike esp from 192.168.0.0/24 to 10.0.1.0/24

so when traffic is de-NATed it is $externalIP -> 10.x instead of $internalIP -> 10.x, so the IPsec policy doesn't match and the packet never gets back into enc0 or across the tunnel.

Seems to me like the solution is to tunnel this traffic (gif0) so I can route it, but the problem is I do not have access to the remote VPN server to configure any kind of tunnel interface on the far side. Any suggestions on how one would route return traffic into the IPsec tunnel in this case?