Hello list,
I need to provide internet access through a proxy server at a central office to a remote LAN at a branch office (LAN-B). There is also an internal server that LAN-B machines should reach. Below is a simple diagram.
Right now I have an IPsec VPN tunnel between the offices, and LAN-B can access LAN-A machines without problems. But LAN-B machines can't access the remote proxy or the internal server on a different LAN. Pings from a LAN-B PC to the PROXY server actually reach the proxy, but the answers get stuck on VPN-Gateway-A. VPN-Gateway-A tells the proxy server that network LAN-B is unreachable.
I am really confused. Both the router and VPN-Gateway-A know how to reach LAN-B machines. I think that this behavior is due to the fact that the VPN tunnel is up only for packets between LAN-A and LAN-B, so packets from the proxy server (on a different LAN) don't get routed to the tunnel. Because of this, VPN-Gateway-A doesn't know how to reach LAN-B.
All routers, the proxy and the VPN gateways are CentOS-based PCs. The VPN gateways use the CentOS IPsec implementation.
Maybe IPsec is not appropriate in this case. Maybe OpenVPN fits better.
[internet]
|
(proxy) (internal server)
|
[LAN]
|
(router)
|
[LAN-A]
|
((VPN-Gateway-A))
|
[wifi link]
|
((VPN-Gateway-B))
|
[LAN-B]
Hope it is clear enough.
-- Mr. Vandeley.
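
The hypothesis in the message above, modelled as an added example that is not part of the original post: a policy-based IPsec gateway tunnels a packet only when its source and destination both match a configured selector pair. All subnets, host addresses and function names here are constructed for illustration; the post gives no addressing.

```python
import ipaddress

# Constructed addressing; the post does not give any subnets.
LAN_A = ipaddress.ip_network("192.168.10.0/24")
LAN_B = ipaddress.ip_network("192.168.20.0/24")
# The "[LAN]" in the diagram that holds the proxy and the internal server.
PROXY_LAN = ipaddress.ip_network("192.168.1.0/24")


def tunnel_policies(local_nets, remote_net):
    """Outbound selectors on VPN-Gateway-A: one (src, dst) pair per protected local net."""
    return [(local, remote_net) for local in local_nets]


def outbound_action(policies, src, dst):
    """Return 'tunnel' if (src, dst) matches a selector pair, else 'no-policy'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net in policies:
        if s in src_net and d in dst_net:
            return "tunnel"
    # No selector matched: the packet is not handed to the tunnel at all.
    return "no-policy"


def trace_replies(policies):
    """Classify replies addressed to a LAN-B PC as they arrive at VPN-Gateway-A."""
    lan_b_pc = "192.168.20.50"  # constructed host in LAN-B
    senders = {"lan_a_host": "192.168.10.7", "proxy": "192.168.1.10"}
    return {name: outbound_action(policies, ip, lan_b_pc)
            for name, ip in senders.items()}


# Tunnel defined for LAN-A <-> LAN-B only, as described in the message.
before = trace_replies(tunnel_policies([LAN_A], LAN_B))
# Same gateway with a second selector pair covering the proxy's LAN.
after = trace_replies(tunnel_policies([LAN_A, PROXY_LAN], LAN_B))

if __name__ == "__main__":
    print("LAN-A <-> LAN-B only:", before)
    print("plus proxy LAN      :", after)
```

In this model the proxy's reply matches no selector until the proxy's LAN is added as a second protected network; on a real pair of gateways the mirrored selector has to exist on VPN-Gateway-B as well.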