On 06-10-2015 10:35, Markus Rosjat wrote:
> as the subject states is it possible to do that ?

Yes, it is.

> My tunnels working from the 3rd subnet in each of the other 2 subnets
> and back from then. I really want to connect from subnet 1 to subnet 2
> over the endpoint in the 3rd subnet.

Are you setting up the routes correctly?

>
> subnet 1 <---> subnet 3 ; works fine
> subnet 2 <----> subnet 3; works fine
> subnet 1 <---| subnet 3 |----> subnet 2; isn't working

You should send/setup in the subnet 1 a route to subnet 2 using the subnet 3 router as gateway. The same for subnet 2, otherwise the packets won't get back.

>
> all 3 endpoints running OpenBSD and ipsec, some advice would be cool

I don't know about doing this using ipsec; as I already mentioned, you need to configure the routes. There are also PF rules needed, and, if any of the subnets aren't using the OpenBSD as their gateway, you might need some NAT.

It's worth mentioning that OpenVPN has this functionality with their client-to-client directive. Even then some routing/firewalling is required.

Just keep in mind that if these subnets are connected through the internet, making all of them pass through the subnet 2 will slow things down.

Cheers,

Giancarlo Razzolini

