From: Chuck Swiger
To: Bill Moran
Cc: freebsd-net@freebsd.org, d@delphij.net, Quake Lee, Xin LI
Subject: Re: Routing: local link vs VPN provided route
Date: Wed, 6 Aug 2008 12:14:29 -0700
List-Id: Networking and TCP/IP with FreeBSD

Hi, all--

On Aug 6, 2008, at 11:50 AM, Bill Moran wrote:
>> It seems, however, that the packets would just go to local network. Is
>> it possible to get packets to non-conflicting IP addresses (i.e. only
>> exist in either local network, or remote VPN'ed network) to go through
>> the tun0 device?
>
> Any hack you would do to make this work is going to be unreliable at
> best.
>
> Renumber your network so that routing can work as designed.

Bill's advice is solid, but there are some other alternatives available.

You could set up individual host routes (ie, a route with a /32 netmask) which go over tun0 rather than defaulting to your local ethernet link, for the things you want to access remotely.

The other alternative is to set up OpenVPN in bridging mode:

http://openvpn.net/index.php/documentation/faq.html#bridge1
http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html

This isn't a recommended configuration for many purposes, as it is more efficient to use explicit routing between subnets when you need to cross the VPN link, rather than simply sending everything over that link as in a bridge, but bridging works better with Samba, ZeroConf/Bonjour, and other things which use network broadcasts to find things on the "local" subnet.

Regards,
--
-Chuck
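
The host-route alternative from the message above, as an added example that is not part of the original e-mail: a small longest-prefix-match model showing why a /32 route over tun0 overrides the connected /24 on the local link, plus a check for host routes that would cut off a machine on the local network. The addresses, the `em0` interface name and the helper names are constructed for illustration; only `tun0` comes from the thread.

```python
import ipaddress

# Constructed routing table: the local LAN and the remote VPN'ed network
# both use 192.168.1.0/24, so the connected route on em0 covers every address.
BASE_TABLE = [
    (ipaddress.ip_network("0.0.0.0/0"), "em0"),       # default route (assumed)
    (ipaddress.ip_network("192.168.1.0/24"), "em0"),  # connected local subnet
    (ipaddress.ip_network("10.8.0.0/24"), "tun0"),    # VPN tunnel network (assumed)
]

# Constructed inventories: addresses that exist only at the remote site,
# and addresses that are in use on the local link.
REMOTE_ONLY = ["192.168.1.200", "192.168.1.201"]
LOCAL_HOSTS = ["192.168.1.10", "192.168.1.20"]


def lookup(table, dst):
    """Return the interface of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifname) for net, ifname in table if addr in net]
    if not matches:
        return None
    # Longest-prefix match: the route with the largest prefix length wins.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def add_host_routes(table, hosts, ifname):
    """Return a new table with one /32 host route per address via ifname."""
    return table + [(ipaddress.ip_network(f"{h}/32"), ifname) for h in hosts]


def shadowed_local_hosts(table, local_hosts, local_if):
    """List local hosts whose traffic no longer leaves via the local link."""
    return [h for h in local_hosts if lookup(table, h) != local_if]


if __name__ == "__main__":
    routed = add_host_routes(BASE_TABLE, REMOTE_ONLY, "tun0")
    for dst in REMOTE_ONLY + LOCAL_HOSTS:
        print(f"{dst:15} before={lookup(BASE_TABLE, dst)} after={lookup(routed, dst)}")
    print("shadowed local hosts:", shadowed_local_hosts(routed, LOCAL_HOSTS, "em0"))
```

A non-empty result from `shadowed_local_hosts` means a host route targets an address that is also in use locally, which is the conflicting case the original question excludes.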