From: "Jonathan Reeder"
Date: Fri, 1 Oct 2004 09:58:44 -0500
Subject: MPD Routing
List-Id: Networking and TCP/IP with FreeBSD

Got a question about routing with regards to MPD. I'm able to make connections to my MPD-based VPN server just fine, but once connected, I can't communicate with anything on the other side of the tunnel, and it appears to be a routing problem.

My ifconfig results for the ng0 device on the MPD server look as follows:

    ng0: flags=88d1 mtu 1400
            inet6 fe80::2a0:ffff:feff:9cfc%ng0 prefixlen 64 scopeid 0x5
            inet 192.168.2.254 --> 192.168.2.200 netmask 0xffffffff

The MPD server has two NICs, one externally routable that clients connect on, and then a 192.168.1.10 address for the internal LAN.

Here is what troubles me: when I ping 192.168.2.200 from the server while a client is connected, I get:

    ping: sendto: No route to host

That was what got me thinking about routing problems. My routing table on the MPD server looks as follows:

    # netstat -rn
    Routing tables

    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            216.138.x.x        UGSc        3    12634    dc0
    127.0.0.1          127.0.0.1          UH          0        0    lo0
    192.168.1          link#2             UC         13        0    rl0
    ...
    ...
    192.168.2.200      192.168.2.254      UH          0        3    ng0
    192.168.2.254      lo0                UHS         0        0    lo0
    216.138.x.x/29     link#1             UC          1        0    dc0
    216.138.x.x        00:06:53:40:0a:60  UHLW        3        0    dc0   1197

I'm a little concerned about the two entries related to the VPN client. I understand that 192.168.2.200 should be routed through 192.168.2.254 on the virtual ng0 device, but the fact that 192.168.2.254 is routed to the loopback doesn't seem to click with me. If my packets to the VPN client (192.168.2.200) are being routed through "gateway" 192.168.2.254, and 192.168.2.254 just gets dumped on the loopback, how would packets ever make it to the VPN client? Seems like they would just die on the loopback.

By the way, I do have gateway_enable="YES" and my IPFILTER isn't blocking any packets.

Any suggestions? I'll be happy to post any more info that would be helpful.

Thanks a bunch.