From: Nathan Vidican
To: Ryan Coleman
Cc: FreeBSD Mailing List
Date: Tue, 26 Apr 2011 09:32:44 -0400
Subject: Re: OpenVPN routing
In-Reply-To: <6073BC9F-553D-41E2-AE42-341B61850EA7@cwis.biz>

On Mon, Apr 25, 2011 at 10:36 PM, Ryan Coleman wrote:
>
> I've got an OpenVPN connection working to my remote server, but I want to route the traffic to the local LAN.
>
> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine.
>
> Server.conf:
> local 192.168.46.2
> port 1194
> proto udp
> dev tap
> ca keys/cacert.pem
> cert keys/server.crt
> key keys/server.key # This file should be kept secret
> dh keys/dh1024.pem
> # Don't put this in the keys directory unless user nobody can read it
> crl-verify keys/crl.pem
> #Make sure this is your tunnel address pool
> server 192.168.47.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> #This is the route to push to the client, add more if necessary
> #push "route 192.168.46.254 255.255.255.0"
> push "route 192.168.47.0 255.255.255.0"
> push "dhcp-option DNS 192.168.45.10"
> keepalive 10 120
> cipher BF-CBC #Blowfish encryption
> comp-lzo
> #fragment
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> verb 6
> mute 5
>
>
> client.conf:
> #Begin client.conf
> client
> dev tap
> proto udp
> remote sub.domain.ltd 1194
> nobind
> user nobody
> group nobody
> persist-key
> persist-tun
> #crl-verify
> #remote-cert-tls server
> ca keys/cacert.pem
> cert keys/ryanc.crt
> key keys/ryanc.key
> cipher BF-CBC
> comp-lzo
> verb 3
> mute 20
>
> Any ideas? As I said, I can talk to the remote server, but not the local LAN.
>
> To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 - which we have another VPN connecting the two networks (not running on a VPN I can do much with).
>
>
> Thanks,
> Ryan
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Do you have packet forwarding (routing/gateway) enabled? An all-important, yet sometimes forgotten step... check if:

sysctl net.inet.ip.forwarding

returns 1 for enabled or not.
You can enable it right away by setting it to 1, and/or view the instructions in the handbook for greater detail, including how to set it as a startup option as well: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

--
Nathan Vidican
nathan@vidican.com
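As an added example, not code from the thread or from Nathan: a pre-flight script for the tap-over-bridge setup quoted above that checks the forwarding sysctl Nathan points at, the bridge membership of em1 and tap0, and whether server.conf pushes a route for the 192.168.46.0/24 LAN (the quoted config only pushes the tunnel subnet, 192.168.47.0/24, so a client has no route to the LAN behind em1). Assumptions: interface names bridge0, em1 and tap0, and the port's default config path /usr/local/etc/openvpn/server.conf.

```shell
#!/bin/sh
# Added example (not code from the thread): pre-flight checks for the
# tap-over-bridge OpenVPN setup quoted above. Every check reads text, so it
# can run on captured output; bridge0, em1, tap0 and the config path are
# assumed names, not taken from the thread.

# Returns 0 when `sysctl net.inet.ip.forwarding` output shows forwarding on.
forwarding_enabled() {
    case "$1" in *"net.inet.ip.forwarding: 1"*) return 0 ;; esac
    return 1
}
# Returns 0 when every interface in $2.. is a member in the `ifconfig bridge0`
# output ($1); FreeBSD prints one "member: em1 flags=..." line per member.
bridge_has_members() {
    _out=$1; shift
    for _ifn in "$@"; do
        case "$_out" in *"member: $_ifn "*) ;; *) return 1 ;; esac
    done
    return 0
}
# Returns 0 when server.conf text ($1) has an uncommented push of a route for
# network $2; without it the client never learns the way to the LAN behind em1.
lan_route_pushed() {
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*push[[:space:]]+\"route[[:space:]]+$2[[:space:]]"
}

# Runs all checks: fixes go to stderr, the number of failed checks to stdout.
preflight() {
    _fails=0
    forwarding_enabled "$1" || { echo "FAIL: sysctl net.inet.ip.forwarding=1 now, gateway_enable=\"YES\" in /etc/rc.conf to persist" >&2; _fails=$((_fails + 1)); }
    bridge_has_members "$2" em1 tap0 || { echo "FAIL: bridge0 needs both em1 and tap0 as members" >&2; _fails=$((_fails + 1)); }
    lan_route_pushed "$3" 192.168.46.0 || { echo "FAIL: add push \"route 192.168.46.0 255.255.255.0\" to server.conf" >&2; _fails=$((_fails + 1)); }
    echo "$_fails"
}

# Constructed samples modelled on the thread: forwarding off, bridge complete,
# only the tunnel subnet pushed, so two checks should fail.
SAMPLE_SYSCTL="net.inet.ip.forwarding: 0"
SAMPLE_BRIDGE="bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
  member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>"
SAMPLE_CONF='server 192.168.47.0 255.255.255.0
#push "route 192.168.46.254 255.255.255.0"
push "route 192.168.47.0 255.255.255.0"'
# On the FreeBSD server itself, check the live system instead of the samples.
if [ "$(uname -s)" = FreeBSD ]; then
    preflight "$(sysctl net.inet.ip.forwarding)" "$(ifconfig bridge0)" "$(cat /usr/local/etc/openvpn/server.conf)"
else
    preflight "$SAMPLE_SYSCTL" "$SAMPLE_BRIDGE" "$SAMPLE_CONF"
fi
```

Run on the server after the bridge and OpenVPN are up; the checks are pure text matching, so the same script can be pointed at output copied from another box.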