PF question

[bug0r]

Hi to all!!!
Please help!
I have a question!
I have two OpenBSD routers. Between them is the VPN. 1st router has access to the Internet. Behind 2nd router I have a LAN. How to give access to the Internet for the LAN through 1st router?

Thanks to all!

[J65nko]

Code:

  internal Lan I
       |
       |
-------|------------
    internal
           
    router I
        
    external
-------|-\----------
       |  \
       |   \
      VPN   \
       |     \ INTERNET
       |
-------|------------
    external
           
    router II
        
    internal
-------|------------
       |
       |
       |
  internal Lan II

Which internal LAN needs internet access? Internal Lan I or II ?
The VPN is not a tunnel under/via the Internet?

[bug0r]

Internal LAN II needs access to Internet. VPN is a tunnel via Internet.

[jggimi]

You have not given us enough information to help you.

What VPN technology are you using? IPSec? OpenVPN? PPTP? Something else? OS Release? VPN technology release if applicable?

[bug0r]

I use IPSec. Obsd ver 4.5 and 4.4

[jggimi]

-If- I understand what you are asking for, you want users in LAN II to -not- use their own internet connection, but instead, use the internet connection in LAN I?

This is a routing issue, discussed in some detail recently in http://marc.info/?t=125331466600001&r=1&w=2

[J65nko]

I think configuring a web/net proxy like Squid in Lan I would be the easiest.

[jggimi]

It is possible that route-to on each applicable pass rule would be sufficient.