Date: Sat, 28 Jan 2006 18:00:05 -0600
From: Vulpes Velox
To: Bob Kersten
Cc: freebsd-questions@freebsd.org
Subject: Re: VPN / Bridge
Message-ID: <20060128180005.67b515ce@vixen42.vulpes>

On Tue, 24 Jan 2006 16:01:11 +0100
Bob Kersten wrote:

> Hello,
>
> I've been trying to create a tunnel/bridge between two networks
> which both reside behind a FreeBSD router using NAT. I've achieved
> it using the handbook example in chapter 14.10. Clients on network
> A are able to ping clients on network B and clients on network A
> are able to map samba shares on the NAT box/gateway of network B.
> The example however uses two different subnets to route traffic
> between both networks. Unfortunately broadcasts will not travel
> through the tunnel which causes Apple's bonjour (called rendezvous
> earlier) not being able to discover clients on the other network.
>
> What I want to achieve is what I believe a bridge between both
> networks. The entire network A should be on the same subnet as
> network B:
>
> network A
> range 192.168.100.100 - 192.168.100.199 / 255.255.255.0
> |
> FreeBSD gateway A
> en1: IP: 192.168.100.101 / 255.255.255.0
> en0: public IP: 25.25.25.1
> |
> Internet
> |
> FreeBSD gateway B
> en0: public IP: 25.25.25.2
> en1: IP: 192.168.100.1 / 255.255.255.0
> |
> Network B
> range 192.168.100.1 - 192.168.100.99 / 255.255.255.0
>
> Using the example from the handbook there was no additional
> configuration necessary on the clients on both networks, the
> FreeBSD gateways handled all the necessary routing. It would be
> great if this new setup should also not require any additional
> settings on the clients as well.
>
> Can anyone give me an example or the necessary steps to create
> this kind of VPN?

I would use openvpn. You need to select one to be a vpn server and
another to be a vpn client. You just create a basic vpn connection
that connects the two together. Then on each one add a route that
points at the vpn address as the gateway for that subnet.

BTW the addressing is wrong there. You can't have one be
192.168.100.1-192.168.100.99 and the other be
192.168.100.100-192.168.100.199. That netmask is not possible. You can
do a 28 bit netmask, which will give 126 addresses to play with on both
networks.
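
An added check of the address plan discussed in this thread (not code from either poster), using Python's standard `ipaddress` module. It shows that both gateways' LAN addresses sit in the same network under 255.255.255.0, that neither quoted host range is a single CIDR block that a route could point at, and what an even two-way split of 192.168.100.0/24 looks like. The function names are made up for this example.

```python
import ipaddress


def same_subnet(addr_a, addr_b, netmask):
    """True when both addresses fall in one network under the given netmask."""
    net_a = ipaddress.ip_interface(f"{addr_a}/{netmask}").network
    net_b = ipaddress.ip_interface(f"{addr_b}/{netmask}").network
    return net_a == net_b


def cidr_blocks(first, last):
    """CIDR blocks needed to cover first..last exactly.

    A range that can be routed as one subnet comes back as a single block.
    """
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def split_in_two(network):
    """Split a network into two equal halves: (prefix, netmask, usable hosts)."""
    halves = ipaddress.ip_network(network).subnets(prefixlen_diff=1)
    return [(str(h), str(h.netmask), h.num_addresses - 2) for h in halves]


if __name__ == "__main__":
    # Addresses and ranges as given in the quoted question.
    mask = "255.255.255.0"
    print("gateways in same subnet:",
          same_subnet("192.168.100.101", "192.168.100.1", mask))

    for name, first, last in [
        ("network A", "192.168.100.100", "192.168.100.199"),
        ("network B", "192.168.100.1", "192.168.100.99"),
    ]:
        blocks = cidr_blocks(first, last)
        print(f"{name}: {len(blocks)} CIDR blocks:",
              ", ".join(str(b) for b in blocks))

    # An even split that a single route per side can describe.
    for prefix, netmask, hosts in split_in_two("192.168.100.0/24"):
        print(f"{prefix}  netmask {netmask}  usable hosts {hosts}")
```

With a split like this, gateway A's 192.168.100.101 would land in the lower half, so the LAN addresses would have to be renumbered to match whichever half each site is given.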