Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Oct 2004 09:58:44 -0500
From:      "Jonathan Reeder" <jreeder@minutemenu.com>
To:        <freebsd-net@freebsd.org>
Subject:   MPD Routing
Message-ID:  <NIECLIJFBLKHJMOALIKPMEKCCLAA.jreeder@minutemenu.com>
next in thread | raw e-mail | index | archive | help 
Got a question about routing with regards to MPD.  I'm able to make
connections to my MPD-based VPN server just fine, but once connected, I
can't communicate with anything on the other side of the tunnel, and it
appears to be a routing problem.

My ifconfig results for the ng0 device on the MPD server look as follows:

ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1400
        inet6 fe80::2a0:ffff:feff:9cfc%ng0 prefixlen 64 scopeid 0x5
        inet 192.168.2.254 --> 192.168.2.200 netmask 0xffffffff

The MPD server has two NICs, one externally routable that clients connect
on, and then a 192.168.1.10 address for the internal LAN.

Here is what troubles me, when I ping 192.168.2.200 from the server while a
client is connected, I get:

ping: sendto: No route to host

That was what got me thinking about routing problems.  My routing table on
the MPD server looks as follows:

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            216.138.x.x     UGSc        3    12634    dc0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.1          link#2             UC         13        0    rl0
...
...
192.168.2.200      192.168.2.254      UH          0        3    ng0
192.168.2.254      lo0                UHS         0        0    lo0
216.138.x.x/29  link#1             UC          1        0    dc0
216.138.x.x     00:06:53:40:0a:60  UHLW        3        0    dc0   1197


I'm a little concerned about the two entries related to the VPN client.  I
understand that 192.168.2.200 should be routed through 192.168.2.254 on the
virtual ng0 device, but the fact that 192.168.2.254 is routed to the
loopback doesn't seem to click with me.  If my packets to the VPN client
(192.168.2.200) are being routed through "gateway" 192.168.2.254, and
192.168.2.254 just gets dumped on the loopback, how would packets ever make
it to the VPN client?  Seems like they would just die on the loopback.

By the way, I do have gateway_enable="YES" and my IPFILTER isn't blocking
any packets.

Any suggestions?  I'll be happy to post any more info that would be helpful.

Thanks a bunch.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NIECLIJFBLKHJMOALIKPMEKCCLAA.jreeder>