[CentOS] IPSEC tunnel for remote internet access

Mr.Vandeley mr.vandeley at gmail.com
Sun Jan 18 20:46:29 UTC 2009

Hello list,

I need to provide internet access through a proxy server at a central
office to a remote LAN at a branch office (LAN-B). There is also an
internal server that LAN-B machines should reach.
Below there is a simple diagram.

Right now I have an IPsec VPN tunnel between the offices, and LAN-B can
access LAN-A machines without problems. But LAN-B machines can't access
the remote proxy or the internal server on a different LAN. Pings to
the PROXY server actually reach the proxy, but the answers get stuck on
VPN-Gateway-A.
VPN-Gateway-A tells the proxy server that network LAN-B is unreachable.

I am really confused. Both the router and VPN-Gateway-A know how to
reach LAN-B machines. I think that this behavior is due to the fact
that the VPN tunnel is up only for packets between LAN-A and LAN-B, so
packets from the proxy server (on a different LAN) don't get routed
into the tunnel. And because of this, VPN-Gateway-A doesn't know how to
reach LAN-B.

All routers, the proxy and the VPN gateways are CentOS-based PCs. The VPN
gateways use the CentOS IPsec implementation.

Maybe IPsec is not appropriate in this case. Maybe OpenVPN fits better.

(proxy) (internal server)
[wifi link]

Hope it is clear enough.

Mr. Vandeley.
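An added illustration of the selector behaviour the post suspects; it is not part of the original message and is not a confirmed diagnosis of this setup. It models an ordered IPsec policy lookup on VPN-Gateway-A and reports which reply flows toward LAN-B match no tunnel policy. All subnets, host addresses and names in it are constructed placeholders.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

class Policy(NamedTuple):
    src: ipaddress.IPv4Network   # source selector
    dst: ipaddress.IPv4Network   # destination selector
    action: str                  # "tunnel" or "bypass"

def policy(src: str, dst: str, action: str = "tunnel") -> Policy:
    return Policy(ipaddress.ip_network(src), ipaddress.ip_network(dst), action)

def lookup(spd: List[Policy], src_ip: str, dst_ip: str) -> Optional[Policy]:
    """Ordered lookup: the first policy whose selectors contain both addresses."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for p in spd:
        if src in p.src and dst in p.dst:
            return p
    return None  # no policy: the packet is never handed to the tunnel

def uncovered(spd: List[Policy], flows: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Flows that the gateway would not send through the tunnel."""
    missing = []
    for src_ip, dst_ip in flows:
        match = lookup(spd, src_ip, dst_ip)
        if match is None or match.action != "tunnel":
            missing.append((src_ip, dst_ip))
    return missing

# Constructed addressing (assumption, the post gives none).
LAN_A = "10.0.10.0/24"
LAN_B = "10.0.20.0/24"
PROXY_NET = "10.0.30.0/24"   # the "different LAN" holding the proxy

# Gateway A's outbound policies as the post describes them: LAN-A <-> LAN-B only.
SPD_A_CURRENT = [policy(LAN_A, LAN_B)]
# Same gateway with one more selector pair covering the proxy's network.
SPD_A_EXTENDED = SPD_A_CURRENT + [policy(PROXY_NET, LAN_B)]

# Replies heading back to a LAN-B host: one from LAN-A, one from the proxy.
REPLY_FLOWS = [("10.0.10.5", "10.0.20.7"), ("10.0.30.5", "10.0.20.7")]

if __name__ == "__main__":
    print("current policy, not tunneled:", uncovered(SPD_A_CURRENT, REPLY_FLOWS))
    print("extended policy, not tunneled:", uncovered(SPD_A_EXTENDED, REPLY_FLOWS))
```

The remote gateway needs the mirrored selector pair as well, since each side matches its own outbound traffic against its own policy list.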
