[CentOS] IPSEC tunnel for remote internet access

Sun Jan 18 20:46:29 UTC 2009
Mr.Vandeley <mr.vandeley at gmail.com>

Hello list,

I need to provide internet access through a proxy server on a central
office to a remote Lan on a branch office (LAN-B). Also there is an
internal server
that LAN-B machines should reach.
Below there is a simple diagram.

Right now I have an IPsec VPN tunnel between offices, and LAN-B can
acces LAN-A machines without problems. But LAN-B machines can't access
the remote proxy or the internal server on a different LAN. Pings from
a LAN-B PC
to the PROXY server actually reach the proxy but answers get stuck on
the VPN-Gateway-A.
VPN-Gateway-A says to the proxy server that network LAN-B is unreachable.

I am really confused. Both, router and VPN-Gateway-A knows how to
reach LAN-B machines. I think that this behavior is due to the fact
that VPN tunnel is up only for packets between LAN-A and LAN-B, so
packets from the proxy
server (on a different LAN) doesn't  get routed to the tunnel. And
since this, VPN-Gateway-A doesn't know how to reach LAN-B.

All routers, proxy and VPN gateways are Centos based PCs. VPN gateways
have Centos IPSEC implementation.

Maybe IPsec is not appropriate on this case. Maybe openvpn fits better.



[internet]
   |
(proxy) (internal server)
   |
[LAN]
   |
(router)
   |
[LAN-A]
   |
((VPN-Gateway-A))
   |
[wifi link]
   |
((VPN-Gateway-B))
   |
[LAN-B]

Hope it is clear enough.

--
Mr. Vandeley.