Quote:
In his initial post, raghavhosur states that he's been assigned a particular IP address to serve as the source address for any communication with the remote network. He also mentions one of the IP addresses he needs to reach in that network, but there may be others. By using the "-o tun0" option, we ensure that all traffic going through the tunnel is NATed behind the correct address. If the tunnel definition covers other addresses, traffic to those addresses is NATed as well. The "-d <address>" option, however, only works for that one specific destination address, and the NAT rule will have to be modified should the tunnel definition ever change. I say leave it to the VPN software to decide what goes through the tunnel or not, and tie the NAT rule to the tunnel interface.
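The difference between the two rule styles discussed in the post above, as an added example that is not part of the original thread: a small Python model of which packets get the assigned source address when the tunnel definition grows. All addresses are constructed documentation-range values, the function names are hypothetical, and the rules are assumed to be POSTROUTING SNAT rules of the form shown in the comments.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), not from the thread.
ASSIGNED_SRC = "192.0.2.10"    # source address the remote network expects
KNOWN_DEST = "198.51.100.20"   # the one remote host known when the rule was written

def out_interface(dst, tunnel_nets):
    """Stand-in for the VPN software deciding what goes through the tunnel."""
    addr = ipaddress.ip_address(dst)
    in_tunnel = any(addr in ipaddress.ip_network(n) for n in tunnel_nets)
    return "tun0" if in_tunnel else "eth0"

def rule_by_interface(pkt):
    # Assumed form: iptables -t nat -A POSTROUTING -o tun0 -j SNAT --to-source <assigned>
    return pkt["out"] == "tun0"

def rule_by_destination(pkt):
    # Assumed form: iptables -t nat -A POSTROUTING -d <address> -j SNAT --to-source <assigned>
    return pkt["dst"] == KNOWN_DEST

def source_seen_by_peer(rule, src, dst, tunnel_nets):
    """Source address on the wire after the NAT rule has (or has not) matched."""
    pkt = {"src": src, "dst": dst, "out": out_interface(dst, tunnel_nets)}
    return ASSIGNED_SRC if rule(pkt) else src

def leaked(rule, tunnel_nets, dests, lan_src="10.0.0.5"):
    """Destinations that enter the tunnel without the assigned source address."""
    return [d for d in dests
            if out_interface(d, tunnel_nets) == "tun0"
            and source_seen_by_peer(rule, lan_src, d, tunnel_nets) != ASSIGNED_SRC]

if __name__ == "__main__":
    dests = ["198.51.100.20", "198.51.100.30", "203.0.113.7"]
    definitions = {
        "original tunnel definition": ["198.51.100.20/32"],
        "widened tunnel definition": ["198.51.100.0/24"],
    }
    for label, nets in definitions.items():
        for name, rule in (("-o tun0", rule_by_interface),
                           ("-d <address>", rule_by_destination)):
            print(f"{label:27} {name:13} un-NATed in tunnel: {leaked(rule, nets, dests)}")
```

With the widened definition, the destination-based rule lets traffic to the second remote host enter the tunnel with the internal source address, while the interface-based rule needs no change.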