
List:       openbsd-misc
Subject:    How to UDP packets from DMZ LAN to IPsec tunnel
From:       Martin <martingot () protonmail ! com>
Date:       2020-11-26 18:56:34
Message-ID: Wi9hn6z5Y8YtVnYQzXTbJDcpLspZ3LIztW_rqT0hKwGG_lPTQGmn7_matScUxmF7vpq_Aambr1w26TGC2oV5TEH8eSVqzlrdJtQYmgwyVVw= () protonmail ! com

Hello,

I'm looking for a way to have UDP packets transmitted over a system-wide IPsec tunnel from LAN 10.0.200.0/16 machine with IP 10.0.200.4 like below:

PC 10.0.200.4 UDP => NAT to IPsec IF => IPsec VPN tunnel => GW to Internet

Now I have only TCP working with relayd proxying when IPsec VPN tunnel is connected like shown below:

PC 10.0.200.4 TCP => relayd 10.0.200.1 => NAT to IPsec IF => IPsec VPN tunnel => GW to Internet

I don't know why, but direct TCP/UDP connections don't work at all from LAN machines through global NAT to IPsec IF. Even TCP works through relayd proxy.

The same global NAT rule to egress (without IPsec VPN tunnel) works as expected and all UDP/TCP traffic goes to Internet without any additional manipulations.

Please advise what can be wrong or misconfigured.

Martin

