DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 22nd November 2009
bug0r bug0r is offline
New User
 
Join Date: Jan 2009
Posts: 3
Default PF question

Hi to all!!!
Please help!
I have a question!
I have two OpenBSD routers. Between them is the VPN. 1st router has access to the Internet. Behind 2nd router I have a LAN. How to give access to the Internet for the LAN through 1st router?

Thanks to all!
Reply With Quote
  #2   (View Single Post)  
Old 22nd November 2009
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

Code:
  internal Lan I
       |
       |
-------|------------
    internal
           
    router I
        
    external
-------|-\----------
       |  \
       |   \
      VPN   \
       |     \ INTERNET
       |
-------|------------
    external
           
    router II
        
    internal
-------|------------
       |
       |
       |
  internal Lan II
Which internal LAN needs internet access? Internal Lan I or II ?
The VPN is not a tunnel under/via the Internet?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 23rd November 2009
bug0r bug0r is offline
New User
 
Join Date: Jan 2009
Posts: 3
Default

Internal LAN II needs access to Internet. VPN is a tunnel via Internet.
Reply With Quote
  #4   (View Single Post)  
Old 23rd November 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

You have not given us enough information to help you.

What VPN technology are you using? IPSec? OpenVPN? PPTP? Something else? OS Release? VPN technology release if applicable?
Reply With Quote
  #5   (View Single Post)  
Old 23rd November 2009
bug0r bug0r is offline
New User
 
Join Date: Jan 2009
Posts: 3
Default

I use IPSec. Obsd ver 4.5 and 4.4
Reply With Quote
  #6   (View Single Post)  
Old 23rd November 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

-If- I understand what you are asking for, you want users in LAN II to -not- use their own internet connection, but instead, use the internet connection in LAN I?

This is a routing issue, discussed in some detail recently in http://marc.info/?t=125331466600001&r=1&w=2
Reply With Quote
  #7   (View Single Post)  
Old 23rd November 2009
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

I think configuring a web/net proxy like Squid in Lan I would be the easiest.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #8   (View Single Post)  
Old 23rd November 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

It is possible that route-to on each applicable pass rule would be sufficient.
Reply With Quote
Reply

Tags
routing, vpn

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
external drive partition question + fdisk question gosha OpenBSD General 15 15th June 2009 02:00 PM


All times are GMT. The time now is 09:59 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick