From: Ryan Coleman
Date: Mon, 25 Apr 2011 21:38:29 -0500
To: Ryan Coleman
Cc: FreeBSD Mailing List
Subject: Re: OpenVPN routing

Also:

[root@nbserver1 /usr/home/ryanc]# ifconfig
em0: flags=8943 metric 0 mtu 1500
        options=98
        ether 00:14:22:15:dc:65
        inet 192.168.46.2 netmask 0xffffff00 broadcast 192.168.46.255
        media: Ethernet autoselect (1000baseT )
        status: active
tap0: flags=8943 metric 0 mtu 1500
        options=80000
        ether 00:bd:7e:86:1d:00
        inet 192.168.47.1 netmask 0xffffff00 broadcast 192.168.47.255
        Opened by PID 10341
bridge0: flags=8843 metric 0 mtu 1500
        ether 46:e1:75:c6:a3:a7
        inet 192.168.47.254 netmask 0xffffff00 broadcast 192.168.47.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143
                ifmaxaddr 0 port 5 priority 128 path cost 2000000
        member: em0 flags=143
                ifmaxaddr 0 port 1 priority 128 path cost 20000

On Apr 25, 2011, at 9:36 PM, Ryan Coleman wrote:

> I've got an OpenVPN connection working to my remote server, but I want to route the traffic to the local LAN.
>
> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine.
>
> Server.conf:
> local 192.168.46.2
> port 1194
> proto udp
> dev tap
> ca keys/cacert.pem
> cert keys/server.crt
> key keys/server.key # This file should be kept secret
> dh keys/dh1024.pem
> # Don't put this in the keys directory unless user nobody can read it
> crl-verify keys/crl.pem
> #Make sure this is your tunnel address pool
> server 192.168.47.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> #This is the route to push to the client, add more if necessary
> #push "route 192.168.46.254 255.255.255.0"
> push "route 192.168.47.0 255.255.255.0"
> push "dhcp-option DNS 192.168.45.10"
> keepalive 10 120
> cipher BF-CBC #Blowfish encryption
> comp-lzo
> #fragment
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> verb 6
> mute 5
>
>
> client.conf:
> #Begin client.conf
> client
> dev tap
> proto udp
> remote sub.domain.ltd 1194
> nobind
> user nobody
> group nobody
> persist-key
> persist-tun
> #crl-verify
> #remote-cert-tls server
> ca keys/cacert.pem
> cert keys/ryanc.crt
> key keys/ryanc.key
> cipher BF-CBC
> comp-lzo
> verb 3
> mute 20
>
> Any ideas? As I said, I can talk to the remote server, but not the local LAN.
>
> To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 - which we have another VPN connecting the two networks (not running on a VPN I can do much with).
>
>
> Thanks,
> Ryan
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
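
An added example, not part of the original message or of OpenVPN: a small Python audit of the quoted server.conf that reports which of the networks the poster wants to reach are covered by a pushed route, and flags the Blowfish cipher and the DH file. The function names and the reduced config excerpt are constructed for illustration, and the 1024-bit DH finding is an assumption drawn from the file name only.

```python
import ipaddress
import re

# Constructed excerpt: routing and crypto directives copied from the quoted server.conf.
SERVER_CONF = """\
dh keys/dh1024.pem
server 192.168.47.0 255.255.255.0
#push "route 192.168.46.254 255.255.255.0"
push "route 192.168.47.0 255.255.255.0"
cipher BF-CBC #Blowfish encryption
"""

def directives(text):
    """Return (name, args) pairs for active lines; '#' starts a comment."""
    out = []
    for line in text.splitlines():
        tokens = re.findall(r'"[^"]*"|\S+', line.split("#", 1)[0])
        if tokens:
            out.append((tokens[0], [t.strip('"') for t in tokens[1:]]))
    return out

def audit(text, wanted):
    """List findings: bad or missing pushed routes for `wanted` LANs, plus weak crypto."""
    conf = directives(text)
    single = dict(conf)  # last occurrence wins; used for one-off directives only
    pool = ipaddress.ip_network("/".join(single["server"]))
    routes, findings = [], []
    for name, args in conf:
        if name == "push" and args and args[0].startswith("route "):
            addr, mask = args[0].split()[1:3]
            try:
                routes.append(ipaddress.ip_network(f"{addr}/{mask}"))
            except ValueError:  # host bits set, e.g. 192.168.46.254 with a /24 mask
                findings.append(f"push route {addr} {mask} is not a network address")
    findings += [f"pushed route {r} is the tunnel pool itself" for r in routes if r == pool]
    for lan in map(ipaddress.ip_network, wanted):
        if not any(lan.subnet_of(r) for r in routes):
            findings.append(f"no pushed route covers {lan}")
    if single.get("cipher") == ["BF-CBC"]:
        findings.append("cipher BF-CBC has a 64-bit block")
    if "1024" in " ".join(single.get("dh", [])):  # assumption: file name reflects key size
        findings.append("dh file name suggests 1024-bit parameters")
    return findings

if __name__ == "__main__":
    for finding in audit(SERVER_CONF, ["192.168.46.0/24", "192.168.45.0/24"]):
        print(finding)
```

Run against the excerpt with the commented-out push line enabled as written, the audit also reports that 192.168.46.254 with a 255.255.255.0 mask is a host address rather than a network.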