[OpenAFS] Wrong paket path between two afs servers

[Ralf Hornik Mailings]

Dear list,

I have two afs servers connected directly through a VPN tunnel.
Both servers should talk together using their VPN IPs:

server1 10.0.0.2
server2 172.16.0.2

server1 is connected to the internet behind a firewall
server2 is connected to the internet directly (on the other side of the 
world)

CellServDB holds only this two addresses for this cell.

When I try to access a volume residing on server2, the client hangs and 
the firewall log shows that server 2 tries to connect over its public IP 
port afs3-fileserver to my firewall to a high port.
This can not work.

When I create a volume on server2 using

vos create server2 (172.16.0.2) /vicepa public_data

the volume location is showed in vldb always mapped to the public IP 
(afs1.domain.org) of server2.
So I estimate server1 tries to connect to the public IP regarding the 
vldb entry.

However, I cannot change the vldb to change the volumelocation to the 
interal IP of server2, so the volume cannot be accessed.
Can somebody give me a clue, how get this working? Teh other idea would 
be not to use the VPN tunnel and make my master server accessible for 
AFS through my firewall.
But I would like to have a strong encrypted communication channel.

Btw: Openafs becomes more and more stable and reliable and meanwhile I 
really like it. :) Good work folks!
Best regards

Ralf