Thus, as far as gateway-A is concerned, the connection between A and B is never set up, and further traffic from client A to client B on that connection is blocked. This means that gateway-A will never see the TCP SYN-ACK from client B.

Since the VPN server A is on the same network as client A, any packet routed over the VPN will be delivered directly to client A, and NOT through gateway-A. In the diagram provided, it appears that traffic from client A to client B is routed over the interconnecting network directly (unencrypted) (because client A's gateway is gateway-A) and traffic from client B to client A is routed over the VPN (because client B's gateway is vpn-server-B). I've no info on / experience with the firewall or VPN you're using, so more detail is hard to offer. It suggests that either there is a routing problem (more info below), or a config problem with the firewall.

This suggests to me that the connection tracking on the firewall isn't working as you might expect.
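The asymmetric path described above can be reproduced with a small model of stateful connection tracking. This is an added example, not part of the original answer and not the behaviour of any particular firewall product; it assumes a strict tracker that forwards an ACK only after it has seen both the SYN and the SYN-ACK, and the `Packet`, `Gateway` and `handshake` names are hypothetical.

```python
# Simplified model of strict TCP connection tracking on gateway-A.
# Constructed for illustration; real firewalls track far more state.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str  # "SYN", "SYN-ACK" or "ACK"

class Gateway:
    """Stateful firewall that forwards only packets fitting a tracked handshake."""
    def __init__(self):
        self.state = {}  # (initiator, responder) -> "SYN_SENT" | "ESTABLISHED"

    def forward(self, pkt):
        fwd, rev = (pkt.src, pkt.dst), (pkt.dst, pkt.src)
        if pkt.flags == "SYN":
            self.state[fwd] = "SYN_SENT"          # new half-open entry
            return True
        if pkt.flags == "SYN-ACK" and self.state.get(rev) == "SYN_SENT":
            self.state[rev] = "ESTABLISHED"       # reply seen, handshake tracked
            return True
        if pkt.flags == "ACK" and "ESTABLISHED" in (self.state.get(fwd),
                                                    self.state.get(rev)):
            return True
        return False                              # no matching state: dropped

def handshake(reply_via_gateway):
    """Return (verdicts for packets gateway-A sees, final tracked state)."""
    gw, a, b = Gateway(), "client-A", "client-B"
    verdicts = [("SYN", gw.forward(Packet(a, b, "SYN")))]
    if reply_via_gateway:
        verdicts.append(("SYN-ACK", gw.forward(Packet(b, a, "SYN-ACK"))))
    # Otherwise the SYN-ACK returns over the VPN and is delivered to client A
    # directly on its own network, so gateway-A never sees it.
    verdicts.append(("ACK", gw.forward(Packet(a, b, "ACK"))))
    return verdicts, gw.state.get((a, b))

if __name__ == "__main__":
    for label, via_gw in (("symmetric", True), ("asymmetric", False)):
        verdicts, state = handshake(via_gw)
        print(f"{label}: state={state} verdicts={verdicts}")
```

In the asymmetric run the entry stays half-open and the ACK from client A is dropped, which matches the blocked traffic described in the answer.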