> > Hello Folks,
> > I have the following situation:
> >                VPN Tunnel 1                VPN Tunnel 2
> > 184.108.40.206 ============ 220.127.116.11 ============= 18.104.22.168
> >   Gateway A                   Gateway B                    Gateway C
> > I need all clients coming from gateway C to be able to use the vpn
> > tunnel 1, so I have the following rule on Gateway B:
> > iptables -t nat -A POSTROUTING -s 22.214.171.124 -d 126.96.36.199/24 -o eth0 -j MASQUERADE
> > But it does not work; what am I missing here?
> > Note: doing tcpdump host 188.8.131.52 on Gateway B and trying to ping
> > or telnet from Gateway C seems to work. I don't have access to Gateway
> > A, so I can't verify if the packets get to Gateway A.
> > I would really appreciate it if you can help me fix this or find another
> > job ;)
> The masquerade may be an overkill, unless you need to limit
> the visibility of the subnets to the other end of the tunnel.
> Did you:
> - tell gateway A that VPN tunnel 2 is reachable via VPN tunnel 1?
I don't have access to administration on Gateway A. The reason why we
need this is that we wanted to save time to use a temporary tunnel but
in the future (in a couple of months) they will provide us with a tunnel
between Gateway A and Gateway C.
> - tell VPN tunnel 2 end that gateway A and the nets behind it
> are reachable via gateway C?
It already knows that. tcpdump on gateway B shows that Gateway C is
talking to Gateway A via Gateway B.
> - enable forwarding at gateway C?
Yes it is enabled.
> Tauno Voipio
> tauno voipio (at) iki fi
Thanks a lot for your reply :)
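
Added example (not part of the original thread): the poster sees Gateway C's packets with tcpdump on Gateway B but cannot inspect Gateway A, so one check that stays entirely on Gateway B is whether the MASQUERADE rule has matched any packets at all. The function names and the sample dump below are constructed for illustration; on a live gateway, pipe `iptables-save -c -t nat` (run as root) into `masq_unmatched` instead.

```shell
#!/usr/bin/env bash
# Added example: read `iptables-save -c -t nat` output and report
# POSTROUTING MASQUERADE rules whose packet counter is still zero.

# Constructed sample dump (not captured from a real gateway).
# iptables-save prints the rule from the question with normalized masks:
# the single source host as /32 and the /24 destination as its network.
sample_nat_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [120:9800]
:POSTROUTING ACCEPT [35:2400]
[0:0] -A POSTROUTING -s 22.214.171.124/32 -d 126.96.36.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}

# masq_hits: read a dump on stdin and print "<packets> <rule>" for every
# POSTROUTING rule whose target is MASQUERADE.
masq_hits() {
  sed -n 's/^\[\([0-9]*\):[0-9]*\] \(-A POSTROUTING.* -j MASQUERADE.*\)$/\1 \2/p'
}

# masq_unmatched: print the MASQUERADE rules that never matched a packet.
# Exit status 0 if at least one such rule exists, 1 otherwise.
masq_unmatched() {
  masq_hits | awk '$1 == 0 { sub(/^0 /, ""); print; found = 1 }
                   END { exit (found ? 0 : 1) }'
}

# Demo on the constructed sample: the rule is listed because its counter
# is 0, meaning no forwarded packet matched its -s / -d / -o combination.
sample_nat_dump | masq_unmatched \
  || echo "every MASQUERADE rule has matched at least one packet"
```

A zero counter while tcpdump on the same box shows the traffic arriving means the rule's source, destination or outgoing-interface match does not fit the packets as they leave Gateway B.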