On Thu, Oct 09, 2008 at 12:01:14AM +0200, Sascha Reiszner wrote:
> On Monday, 06.10.2008, 10:05 -0500, Jason Voorhees wrote:
>> But users from different networks (192.168.2.0/24, 192.168.3.0/24,
>> etc.) can't browse the Internet. Those networks are connected to
>> 192.168.1.0/24 via a VPN connection.
> I think the end of the tunnel from VPN is not the device eth2.
> The tunnel ends normally at a bridge (br#) or a virtual device (like tun#
> or tap#).

Note that this is not true if the VPN is created using the IPSec protocol
with the kernel IPSec-Stack. In this scenario packets seem to arrive twice
at the interface: First the encrypted packet, then the decrypted packet
(but only if the first does not get dropped).

Stefan

--
"A troll. Stupid but hard to fool. I'm afraid I shall have to try the truth"
"Vy vill zat vork?"
"He's a Policeman. The truth usually confuses them. They don't often hear it."
(William and Otto) [Terry Pratchett, The truth]
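
The behaviour described in the reply above, as an added example that is not part of the original thread: because the decrypted packet shows up on the same interface as the ESP packet, a filter on that interface has to separate the two by IPsec policy, not by device name. The sketch assumes iptables with the `policy` match, plain ESP without NAT-T, and the interface and subnets named in the thread; `ipsec_filter_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset for
# a gateway whose kernel-IPsec tunnel terminates on a physical interface.
# Assumptions: iptables "policy" match is available, ESP is not wrapped in
# NAT-T, and the caller passes the interface and the remote subnets.

ipsec_filter_rules() {
    iface=$1; shift                      # interface where ESP arrives
    for net in "$@"; do                  # validate before emitting anything
        case $net in
            */*) ;;
            *) echo "bad subnet (need CIDR): $net" >&2; return 1 ;;
        esac
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # First pass over the interface: IKE (UDP/500) and the encrypted packet.
    echo "-A INPUT -i $iface -p udp --dport 500 -j ACCEPT"
    echo "-A INPUT -i $iface -p esp -j ACCEPT"
    for net in "$@"; do
        # Second pass: the decrypted packet re-enters on the same interface.
        # Accept it only if it really came out of an IPsec tunnel.
        echo "-A FORWARD -i $iface -s $net -m policy --dir in --pol ipsec --mode tunnel -j ACCEPT"
        # The same source arriving unencrypted on that interface did not come
        # through the VPN; drop it before any broader ACCEPT can match.
        echo "-A FORWARD -i $iface -s $net -m policy --dir in --pol none -j DROP"
    done
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "COMMIT"
}

# Syntax check without loading (needs root):
#   ipsec_filter_rules eth2 192.168.2.0/24 192.168.3.0/24 | iptables-restore --test
```
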