
RE: Need assistance with hardware router and proper openVPN routing: msg#00502

network.openvpn.user

Subject: RE: Need assistance with hardware router and proper openVPN routing

Hi all,

Attempted setup of openVPN a number of months ago and never got
finished, actually never really got started as other projects came up
and there was a serious lack of time. I will quickly state the point I
am at and then pose my question.

I currently have two VPN server endpoints, one in my office and one in
a remote office. They are both just arbitrary machines on the network.
They are both set up to use a pre-shared key and the rest of the config
details are pretty much according to the routed howto on the openVPN
website. Neither of the openVPN machines is acting as a gateway for the
internal networks. I can get the two openVPN machines to connect to each
other and I can ping each of them from the other end.

This is all good, now for the question part.

Both of the networks, my office and the remote office, are "protected"
by hardware routers. These routers are currently acting as the offices'
gateways and do all of the NAT that needs to be done. They will not
allow the entry of static routes and therefore will not properly deal
with traffic intended for the openVPN tunnel. I cannot get rid of these
routers so I figured that my only option was to build a gateway machine
for each end that will sit behind each of the routers and direct the
traffic accordingly. It is also my thought that I will run openVPN on
the gateway machines as well.

Here is my problem/question: How do I do that? All resources I have
found, including the openVPN howtos, to me anyway, assume that any
gateway you are using is connected directly to the Internet; again, mine
will be sitting behind a router that will connect to the Internet. Both
the NICs in the gateway will have internal addresses.

I am really just not sure how to accomplish this task. I am very new to
VPNs, iptables, and routing and could use any pointers anyone has to
offer.

I really need to get this system set up and running for the office and
could use all the help I can get.
Thanks
Michael Kelly

