 From:  Chris Taylor <chris at x dash bb dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Access VPN terminated to LAN in filtered bridge setup
 Date:  Wed, 05 Apr 2006 22:11:35 +0100
Hi,

I don't think I've seen this one covered elsewhere, but I hope someone 
can help me :)

I have a m0n0 on WRAP, set up as per:
http://doc.m0n0.ch/handbook/examples-filtered-bridge.html

... at a colo facility. The LAN interface is connected to nothing at all 
but I have an IPSec tunnel terminated to it for remote management and 
SNMP purposes. This is all working beautifully.

What I'd like to do is allow my servers (on OPT1) to access a CVS server 
at the remote end of my IPSec tunnel. Is this possible? At present a 
ping or traceroute from one of my servers gets routed out the WAN 
interface and lost in the colo's network. For the sake of testing, the 
ruleset on the OPT1 interface allows all outbound traffic from my servers.

Basically, I need to allow traffic to 192.168.0.8:2401 to go through the 
IPSec tunnel. Is this a NAT issue? Static routes? As an additional 
complication, I can't really afford to randomly test things that might 
take the IPSec tunnel down or otherwise break my connectivity to it; my 
guy at the colo company won't be too happy if I phone him and tell him 
to get his laptop out ;)

Thanks in advance,

Chris Taylor