From: "Greg Hennessy"
Date: Wed, 22 Feb 2006 13:26:53 -0000
Subject: RE: Dirty NAT tricks
Message-ID: <000001c637b3$a54b0a70$0a00a8c0@thebeast>
In-Reply-To: <1140612265.5617.25.camel@localhost.localdomain>
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

How is this a problem? Surely the default route is through the tunnel interface when the tunnel is up? I fail to see how this 'breaks things horribly'.

>
> "You have a corporate LAN. You want to set up a VPN (in this case
> OpenVPN) into the LAN for your road-warriors. However, your
> LAN is numbered with one of the very common private subnets,
> such as 192.168/16. Your road-warriors often get addresses in
> the same private subnet from their coffee-shops, and this
> breaks things horribly."