From: "Neo [GC]"
Date: Fri, 04 May 2007 19:27:20 +0200
To: freebsd-net@freebsd.org, freebsd-questions@freebsd.org
Subject: Routing between subnets
Message-ID: <463B6CF8.50005@gothic-chat.de>

Hi,

I try to use a FreeBSD 6-STABLE machine as VPN-gateway for my home network.
For VPN I use OpenVPN, which connects to an outside OpenVPN-server. The connection itself works, but I need to get routing working for my LAN.
I have searched in Google and group archives, but I can't find an easy howto which works for me. Hope, someone of you can help me.

I have set gateway_enable="yes" in my rc.conf, but it seems not to be working. (Question: Must this be enabled on the outside VPN-server too?)

Config at home (deleted all unnecessary):

Output of ifconfig:

    fxp0: flags=8843 mtu 1500
            options=8
            inet 192.168.2.2 netmask 0xffffff00 broadcast 192.168.2.255
    tun0: flags=8051 mtu 1500
            inet 10.10.0.6 --> 10.10.0.5 netmask 0xffffffff

Output of netstat -r:

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            skynet.gothic-chat UGS         0      226   fxp0
    10.10.0.1/32       10.10.0.5          UGS         0        0   tun0
    10.10.0.5          10.10.0.6          UH          1        0   tun0
    192.168.2          link#1             UC          0        0   fxp0
    192.168.2.255      ff:ff:ff:ff:ff:ff  UHLWb       1       29   fxp0

Config at the VPN-server:

Output of ifconfig:

    tun0: flags=8051 mtu 1500
            inet 10.10.0.1 --> 10.10.0.2 netmask 0xffffffff

Output of netstat -r:

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            83.133.111.1       UGS         0 57308679    em0
    10.10/24           10.10.0.2          UGS         1      239   tun0
    10.10.0.2          10.10.0.1          UH          1        0   tun0
    192.168.2          10.10.0.6          UGS         0        2   tun0

I can ping in either direction between the two PCs with OpenVPN. So far so good...

I've set a route on another PC in the LAN (XP), which shows up in route print as

    10.10.0.0 255.255.255.0 192.168.2.2 192.168.2.4 1

A tracert to 10.10.0.1 (the outside VPN-server) goes to 192.168.2.2 (which is correct I think) and then goes no further...

As firewall at home I use ipfilter, which is set to be completely open:

    root@wintermute:~# ipfstat -i
    empty list for ipfilter(in)
    root@wintermute:~# ipfstat -o
    empty list for ipfilter(out)

The firewall at the VPN-server has:

    pass out quick on tun0 all
    pass in quick on tun0 all

Thanks for all your help!

Greetings,
-- 
Neo [GC] / Thomas Weber
Webmaster @ GothNet.eu / Gothic-Chat.de
EMail: neo@gothic-chat.de
WWW: http://neo.gothic-chat.de/
Location: Earth::Germany::Munich
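
An added example, not part of the original post: a longest-prefix-match lookup over the two routing tables posted above, showing which route each kernel would select for the forward packet (to 10.10.0.1) and for the reply (to 192.168.2.4). The rule used to expand netstat's abbreviated destinations (for instance `192.168.2` read as 192.168.2.0/24) is an assumption, and `parse_dest` and `lookup` are names made up for this sketch.

```python
import ipaddress

# Routing tables transcribed from the netstat -r output in the post:
# (destination, gateway, netif).
HOME = [
    ("default", "skynet.gothic-chat", "fxp0"),
    ("10.10.0.1/32", "10.10.0.5", "tun0"),
    ("10.10.0.5", "10.10.0.6", "tun0"),
    ("192.168.2", "link#1", "fxp0"),
    ("192.168.2.255", "ff:ff:ff:ff:ff:ff", "fxp0"),
]
SERVER = [
    ("default", "83.133.111.1", "em0"),
    ("10.10/24", "10.10.0.2", "tun0"),
    ("10.10.0.2", "10.10.0.1", "tun0"),
    ("192.168.2", "10.10.0.6", "tun0"),
]

def parse_dest(dest):
    """Expand an abbreviated netstat destination into an ip_network.
    Assumption: a bare N-octet prefix means /(8*N); four octets is a host."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        plen = str(8 * len(octets))
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen}")

def lookup(table, target):
    """Longest-prefix match: return (destination, gateway, netif) or None."""
    ip = ipaddress.ip_address(target)
    matches = [r for r in table if ip in parse_dest(r[0])]
    return max(matches, key=lambda r: parse_dest(r[0]).prefixlen, default=None)

if __name__ == "__main__":
    # Forward path: LAN client 192.168.2.4 -> 10.10.0.1, at the home gateway.
    print("home   -> 10.10.0.1  :", lookup(HOME, "10.10.0.1"))
    # Return path: VPN server replying to the LAN client.
    print("server -> 192.168.2.4:", lookup(SERVER, "192.168.2.4"))
    # Another address in 10.10.0.0/24: only the default route matches at home.
    print("home   -> 10.10.0.9  :", lookup(HOME, "10.10.0.9"))
```

Both posted tables contain a tun0 route for the traced pair of addresses, while the home table only covers 10.10.0.1/32 and not the whole 10.10.0.0/24 that the XP client routes to 192.168.2.2.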