Got several questions at once:

1) Why not use VNICs to avoid the MAC-related problem altogether?

2) Can you run the VPN client on the client computer so that it "has"
   an IP address of the corporate net and cares not about the home IP
   routing? It can have routes to other corporate nets via the router
   (and maybe NAT) provided by the VPN server, and to the corporate
   net it would seem like one of their own addresses.

3) On OI you can use IPFilter to cause packets going out of one
   interface with a matched source/dest address, to be re-issued on
   another. I don't think it would work with aliases, but may help
   if the problem continues with VNICs. Roughly so:


# enforce that packets coming out of an interface go to the correct subnet
# rhetorical question: does this skip the firewall rules below in the file?
block out quick on e1000g0 to e1000g81000:81.x.x.1 from 81.x.x.0/24 to any
block out quick on e1000g81000 to e1000g0:192.168.y.2 from ! 81.x.x.0/24 to any

   Technically this duplicates matching packets on another interface,
   destines them to the given host (router or IDS usually) and in this
   case blocks the original (in case of IDS inspection - allows).

HTH,
//Jim
