Hi,

I have a problem setting up an OpenBSD 3.8
VPN router with the following network configuration:
               _______
              |       |
10.0.0.0/8 ---| Box 1 |______      _____
              |_______|     |     |     |
               _______      |_____|OBSD |____ 192.168.0.0/24
              |       |     |     |_____|
10.0.0.0/8 ---| Box 2 |_____|
              |_______|

On OpenBSD two isakmpd daemons are running, each of which
is able to make the connection to one of the external
VPN routers with its own isakmpd.conf file.

I thought it would be possible to direct the traffic from Box 1
through the enc0 interface and the traffic from Box 2
through the enc1 interface, and to source NAT the two 10.0.0.0/8
networks to 11.0.0.0/8 and 12.0.0.0/8.
But all traffic goes through enc0, and it seems it's not
possible to distinguish between the two 10/8 networks on
OBSD.

When I start the two isakmpd daemons one after another, the last one wins
in the "netstat -rn" encap routing table.
"ipsecadm show" lists both connections (4 SAs).
If I make a ping through the box which has the routing table entry
(e.g. Box 1), everything works well. If I make the ping through the other box,
the request goes to the destination in the 192.168.0.0/24 network,
but the reply goes out through Box 1.

Does anybody know how to distinguish between the two flows?
Of course it would be possible to NAT the two 10/8 networks
on Box 1 and 2.

Thanks in advance

Ingbert
