On 3/5/2013 10:18 PM, Edward Ned Harvey (openindiana) wrote:
From: Doug Hughes [mailto:[email protected]]

2) explicitly set the route for 192.168.10.x :
route add 192.168.10.0/<mask> 192.168.2.1

That's what I'm saying I have already done.  I set the default route to 
192.168.1.1, and I set a static route, 192.168.10.x/24 via 192.168.2.1.  The 
route is in effect, as evidenced:

For simplicity, let's say 192.168.1.1 has MAC 11:11:11:11:11:11 and let's say 
192.168.2.1 has MAC 22:22:22:22:22:22.

When I ping something on the internet, I see a packet go out my NIC, source IP 
192.168.1.100, destination MAC 11:11:11:11:11:11 and destination IP 8.8.8.8.  
It all works, I get a ping response.

When I ping 192.168.2.1 directly, I see a packet go out my NIC, source IP 
192.168.2.100, destination MAC 22:22:22:22:22:22 and destination IP 
192.168.2.1.  It all works, I get a ping response.

When I ping something on the other end of the VPN, I see a packet go out of my 
NIC, source IP 192.168.1.100, destination MAC 22:22:22:22:22:22 and destination 
IP 192.168.10.10 (or whatever.)  The firewall drops the packet, because duh, 
the source IP isn't in the same subnet as the firewall.

I am also exploring the NAT option, assuming I'm not going to be able to 
resolve the above problem.


_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss


Is it the same if you use something other than ping?
Does it work correctly if you use ping -i to specify the source interface?

Another option may be tagged VLANs. Supporting a separate tagged interface would be very clear for the host. It would appear as a totally separate layer 2 so there'd be no chance for MAC reuse. That's only if your router can support that too, however...

