From: Maciej Milewski
To: Ryan Coleman
Cc: freebsd-questions@freebsd.org
Date: Tue, 26 Apr 2011 16:53:35 +0200
Subject: Re: OpenVPN routing

On Tuesday 26 of April 2011 15:45:22, Ryan Coleman wrote:
> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine.
> ...
> push "route 192.168.47.0 255.255.255.0"

Have you tried adding the route to the 192.168.46.0/24 subnet into the vpn client? You want to ping the host/interface on a different subnet. If you don't set the routing to this subnet, how should your client know that it needs to put that packet through the tap interface and not the default route, which I suspect is different?

Can you show the output of netstat -rn of the vpn client? You may try to look into tcpdump on the vpn router to find what is going on with your packets.

And for such a scenario like vpnclient->vpnserver->network you may not even need nat; just simple routing will be enough as long as you set it up right.

My setup is based on tun interfaces and works like a charm. I don't use nat and I only added routing info to the specific routers in the internal networks.

Maciej Milewski
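
The routing decision this reply describes, as an added example that is not part of the original message: a longest-prefix-match lookup over a client routing table, before and after a route to 192.168.46.0/24 exists. The table is constructed in the column layout of `netstat -rn`; the client interface names (em0, tap0), the 10.x addresses and the helper names are assumptions, and only 192.168.47.0/24 and 192.168.46.2 come from the thread.

```python
import ipaddress

# Constructed sample: a VPN client's IPv4 routes with only the pushed
# 192.168.47.0/24 route present (gateways and interface names are made up).
CLIENT_ROUTES = """\
Destination        Gateway            Flags    Netif
default            10.0.0.1           UGS      em0
10.0.0.0/24        link#1             U        em0
192.168.47.0/24    10.8.0.1           UGS      tap0
"""

def parse_routes(text):
    """Return [(network, netif)] parsed from netstat -rn style text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue  # header, blank or malformed line
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # not an IP route (section titles etc.)
        routes.append((net, fields[3]))
    return routes

def egress_interface(routes, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, ifc) for net, ifc in routes
               if net.version == addr.version and addr in net]
    if not matches:
        return None  # no route at all, not even a default
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def with_route(routes, cidr, netif):
    """Return a copy of the table with one extra route added."""
    return routes + [(ipaddress.ip_network(cidr), netif)]

if __name__ == "__main__":
    routes = parse_routes(CLIENT_ROUTES)
    print("before:", egress_interface(routes, "192.168.46.2"))
    fixed = with_route(routes, "192.168.46.0/24", "tap0")
    print("after: ", egress_interface(fixed, "192.168.46.2"))
```
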