From: Chris <racerx@makeworld.com>
Date: Fri, 20 Aug 2004 17:36:02 -0500
To: Geert Hendrickx
cc: jef@hendrickx.be
cc: freebsd-questions@freebsd.org
Subject: Re: configuration of ip adresses on vpn router
Message-ID: <41267CD2.4040109@makeworld.com>
In-Reply-To: <20040820222529.GA53077@lori.mine.nu>

Geert Hendrickx wrote:
> Hi,
>
> I have set up a VPN with OpenVPN (ports/security/openvpn). It works
> fine on the clients behind either router, but I'm still having a little
> problem with it. Setup is like this:
>
> LAN
> 192.168.1.x
>    |
>    |
> 192.168.1.20
> VPN-router (FreeBSD)
> 10.0.0.1
>    |
>    |
> 10.0.0.2
> VPN-router (OpenBSD)
> 10.65.28.20
>    |
>    |
> 10.65.28.x
> LAN
>
> where the 10.0.0.x are virtual devices (/dev/tun0); they are tunneling
> the traffic through hardware routers which are connecting both sites to
> the Internet.
>
> Now when I make a connection from, say, 192.168.1.210 to 10.65.28.38,
> packets are sent across the networks ok. But when I make a connection
> from 192.168.1.20 (the VPN router itself) to 10.65.28.38, the latter one
> sees the packets coming from 10.0.0.1, and it does not know how to route
> them back.
>
> I could solve this by adding extra routes (either on each client or on
> the hardware routers which are the default route for each site), but
> then there still is a problem if I want to restrict access to some
> services, based on IP address. I would have to allow access from the
> 10.65.28.x network, the 192.168.1.x network (that's ok), but also from
> the 10.0.0.x network (which is only virtual). This may seem correct,
> but I'm having problems with the fact that the clients get to see these
> addresses. They shouldn't. When I make a connection from one of the
> VPN routers to any of the clients, I want the source address to be
> 192.168.1.20, not 10.0.0.1 (or 10.65.28.20, not 10.0.0.2, respectively).
>
> Is that possible?
>
> GH

Is this a FreeBSD project or Open? Since this is both places.

--
Best regards,
Chris

First rule of intelligent tinkering: Save all the parts
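The behaviour Geert describes, as an added model that is not part of the thread: a locally originated packet takes the address of the interface it leaves on (10.0.0.1 on tun0), which is what the peer's IP-based restriction then sees. The routing table, the interface name fxp0 and the source-rewrite step on tun0 are constructed assumptions, shown only to make the effect on the peer's access list concrete.

```python
import ipaddress

# Constructed routing table for the FreeBSD VPN router in the diagram.
# Each route: (destination prefix, outgoing interface, that interface's address).
FREEBSD_ROUTES = [
    ("192.168.1.0/24", "fxp0", "192.168.1.20"),  # local LAN (fxp0 is assumed)
    ("10.65.28.0/24",  "tun0", "10.0.0.1"),      # remote LAN, reached via the tunnel
    ("10.0.0.0/30",    "tun0", "10.0.0.1"),      # the tunnel endpoints themselves
]

# The restriction from the question: the peer allows only the two real LANs.
PEER_ALLOWED = [ipaddress.ip_network("192.168.1.0/24"),
                ipaddress.ip_network("10.65.28.0/24")]


def outgoing(routes, dst):
    """Longest-prefix match; returns (iface, iface_addr)."""
    best = None
    for prefix, iface, addr in routes:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface, addr)
    if best is None:
        raise ValueError("no route to %s" % dst)
    return best[1], best[2]


def source_for(routes, dst, src=None):
    """Forwarded traffic keeps the client's source address; traffic the router
    itself originates (src=None) is stamped with the outgoing interface address."""
    if src is not None:
        return src
    _, addr = outgoing(routes, dst)
    return addr


def peer_sees(routes, dst, src=None, rewrite=None):
    """Source address the peer observes and whether its allow-list accepts it.
    `rewrite` maps (iface, src) -> replacement source; an assumed remedy, e.g. a
    NAT rule on tun0, not something the thread itself proposes."""
    iface, _ = outgoing(routes, dst)
    seen = source_for(routes, dst, src)
    seen = (rewrite or {}).get((iface, seen), seen)
    allowed = any(ipaddress.ip_address(seen) in net for net in PEER_ALLOWED)
    return seen, allowed
```

A client behind the router arrives as 192.168.1.210 and passes; the router's own traffic arrives as 10.0.0.1 and is refused unless its source is rewritten to 192.168.1.20 on the way out of tun0.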