From: Brian A. Seklecki <lavalamp@sp...> - 2007-04-27 15:32:00
So after a few hours of sleep, here is what I've found with the IP/IPSec
stack in NetBSD.
I was curious how routing is handled between internal and external hosts
to logically assigned IP pools that aren't known via any particular directly
E.g., vpn client pools don't actually show up in the routing table; so how
are they "known"?
In a standard two-interface VPN concentrator config, with a DMZ interface
with a routable address and an "internal" interface with an RFC1918
-) Internal routing to an IP Pool can be done by announcing the IP pool
space is reachable via the IP of the internal interface
-) The IP Pool space _cannot_ overlap subnets assigned to the concentrator
via locally connected; this breaks ARP as expected
-) An anchor at the start of your pool subnet can be assigned as:
- An alias to int lo0
- A /32 to int lo1
-) Clients can communicate with each other in unicast mode
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
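The checklist above (announce the pool via the internal interface address, keep the pool off any directly connected subnet, anchor the first pool address on lo0 or lo1) as a POSIX sh script. This is an added example, not code from the original post or from NetBSD: it only prints the NetBSD ifconfig(8)/route(8) commands instead of running them, so it needs no root and no NetBSD host, and it refuses to emit them when the pool overlaps a connected subnet. The topology (internal 192.168.1.1/24, DMZ 203.0.113.0/24, pool 10.10.0.0/24) and the choice of the first usable pool address as the anchor are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): plan the routing anchor for a VPN
# client pool on a two-interface NetBSD concentrator. Commands are printed, not run.

# ip4_to_int A.B.C.D -> decimal integer (shell arithmetic is at least 32 bits)
ip4_to_int() {
    _oldifs=$IFS; IFS=.
    set -- $1
    IFS=$_oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip4 N -> A.B.C.D
int_to_ip4() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_overlap A/la B/lb -> exit 0 if the two prefixes share any address.
# Two prefixes overlap exactly when both agree on the shorter of the two masks.
cidr_overlap() {
    _a_ip=${1%/*}; _a_len=${1#*/}
    _b_ip=${2%/*}; _b_len=${2#*/}
    if [ "$_a_len" -lt "$_b_len" ]; then _len=$_a_len; else _len=$_b_len; fi
    _mask=$(( (4294967295 << (32 - _len)) & 4294967295 ))
    [ $(( $(ip4_to_int "$_a_ip") & _mask )) -eq $(( $(ip4_to_int "$_b_ip") & _mask )) ]
}

# check_pool POOL_CIDR CONNECTED_CIDR... -> exit 0 only if the pool is clear of
# every directly connected subnet (the post's "cannot overlap" rule).
check_pool() {
    _pool=$1; shift
    for _c in "$@"; do
        if cidr_overlap "$_pool" "$_c"; then
            echo "pool $_pool overlaps connected subnet $_c; refusing (ARP breaks)" >&2
            return 1
        fi
    done
    return 0
}

# pool_anchor_cmds POOL_CIDR INTERNAL_IP lo0|lo1 -> the commands to type:
#   on the concentrator: anchor the first pool address on a loopback so the
#     pool is "known" locally (lo0 alias, or a /32 on a cloned lo1);
#   on the internal router(s): point the pool at the internal interface IP.
# Assumption: the anchor is network+1, i.e. the first usable pool address.
pool_anchor_cmds() {
    _net=${1%/*}
    _anchor=$(int_to_ip4 $(( $(ip4_to_int "$_net") + 1 )))
    case $3 in
        lo0) echo "ifconfig lo0 inet $_anchor/32 alias" ;;
        lo1) echo "ifconfig lo1 create"
             echo "ifconfig lo1 inet $_anchor/32" ;;
        *)   echo "unknown anchor style $3" >&2; return 1 ;;
    esac
    echo "route add -net $1 $2"   # run this on the internal side, not the concentrator
}

# Constructed sample topology (assumption): internal 192.168.1.1/24, DMZ 203.0.113.0/24.
CONNECTED="192.168.1.0/24 203.0.113.0/24"   # unquoted below on purpose: word-split
for _p in 10.10.0.0/24 192.168.1.128/25; do
    if check_pool "$_p" $CONNECTED; then
        echo "# $_p is clear of the connected subnets; commands:"
        pool_anchor_cmds "$_p" 192.168.1.1 lo1
    fi
done
```

The second candidate pool (192.168.1.128/25) is rejected because it sits inside the internal interface's /24, which is the failure the post describes; the first one yields the lo1 /32 anchor plus the `route add -net` line for the internal router.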