From: Ryan Coleman
Date: Tue, 26 Apr 2011 18:15:09 -0500
To: Ryan Coleman
Cc: Maciej Milewski, freebsd-questions@freebsd.org
Subject: Re: OpenVPN routing

On Apr 26, 2011, at 3:50 PM, Ryan Coleman wrote:

> On Apr 26, 2011, at 9:53 AM, Maciej Milewski wrote:
>
>> On Tuesday 26 of April 2011 15:45:22, Ryan Coleman wrote:
>>> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2)
>>> from the remote machine.
>> ...
>>> push "route 192.168.47.0 255.255.255.0"
>>
>> Have you tried adding the route to 192.168.46.0/24 subnet into the vpn client?
>>
>> You want to ping the host/interface on different subnet. If you don't set the
>> routing to this subnet how your client should know that he needs to put that
>> packet through tap interface not defaultroute which I suspect is different?
>>
>> Can you show the output of netstat -rn of the vpn client?
>>
>> You may try to look into tcpdump on the vpn router to find what is going with
>> your packets. And for such scenario like vpnclient->vpnserver->network you may
>> even not need nat just simple routing will be enough as long as you set it up
>> on right.
>>
>> My setup is based on tun interfaces and works like a charm. I don't use nat
>> and I only added routing info to the specific routers in the internal
>> networks.
>>
>> Maciej Milewski
>
> I'm going to have to get this information when I get home and am not on the
> office LAN. I can do ping tests specifically through the tap0 interface but
> not check the netstat report properly from inside the network.
Maciej,

Here you go:

Ryan-Colemans-MacBook-Pro:~ ryanjcole$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.1.1           UGSc       61        0    en1
10.0.1/24          link#5             UCS         3        0    en1
10.0.1.1           0:23:12:f7:37:cc   UHLWI      89     1268    en1   1142
10.0.1.2           0:14:d1:1f:79:1b   UHLWI       0      837    en1    183
10.0.1.198         127.0.0.1          UHS         0        0    lo0
10.0.1.255         ff:ff:ff:ff:ff:ff  UHLWbI      0        6    en1
127                127.0.0.1          UCS         0        0    lo0
127.0.0.1          127.0.0.1          UH          2       75    lo0
169.254            link#5             UCS         0        0    en1
172.16.87/24       link#7             UC          1        0 vmnet1
172.16.87.255      ff:ff:ff:ff:ff:ff  UHLWbI      0        3 vmnet1
192.168.46         192.168.47.2       UGSc        0        0   tap0
192.168.47         link#10            UC          1        0   tap0
192.168.47.2       link#10            UHLWI       1        0   tap0

Internet6:
Destination                    Gateway            Flags  Netif Expire
::1                            ::1                UH     lo0
fe80::%lo0/64                  fe80::1%lo0        Uc     lo0
fe80::1%lo0                    link#1             UHL    lo0
fe80::%en1/64                  link#5             UC     en1
fe80::224:36ff:fea1:1d68%en1   0:24:36:a1:1d:68   UHLW   en1
fe80::9227:e4ff:fef8:b2fb%en1  90:27:e4:f8:b2:fb  UHL    lo0
ff01::/32                      ::1                Um     lo0
ff02::/32                      ::1                UmC    lo0
ff02::/32                      link#5             UmC    en1

Ryan-Colemans-MacBook-Pro:~ ryanjcole$ ping 192.168.46.2
PING 192.168.46.2 (192.168.46.2): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
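
Added example (not part of the original message): a longest-prefix lookup over the IPv4 rows of the netstat -rn output above, answering the question of which route and interface the client selects for 192.168.46.2. The function names are hypothetical, and the parser assumes BSD netstat's convention of omitting the prefix length when it equals the classful default.

```python
import ipaddress

# Constructed sample: the IPv4 rows of the netstat -rn output in the message above.
NETSTAT_IPV4 = """\
default            10.0.1.1           UGSc       61        0    en1
10.0.1/24          link#5             UCS         3        0    en1
10.0.1.1           0:23:12:f7:37:cc   UHLWI      89     1268    en1   1142
10.0.1.2           0:14:d1:1f:79:1b   UHLWI       0      837    en1    183
10.0.1.198         127.0.0.1          UHS         0        0    lo0
10.0.1.255         ff:ff:ff:ff:ff:ff  UHLWbI      0        6    en1
127                127.0.0.1          UCS         0        0    lo0
127.0.0.1          127.0.0.1          UH          2       75    lo0
169.254            link#5             UCS         0        0    en1
172.16.87/24       link#7             UC          1        0 vmnet1
172.16.87.255      ff:ff:ff:ff:ff:ff  UHLWbI      0        3 vmnet1
192.168.46         192.168.47.2       UGSc        0        0   tap0
192.168.47         link#10            UC          1        0   tap0
192.168.47.2       link#10            UHLWI       1        0   tap0
"""

def parse_dest(dest, flags):
    """Expand an abbreviated BSD netstat destination into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen and len(octets) == 4 and "H" in flags:
        plen = "32"  # host route
    elif not plen:   # assumption: omitted length means the classful default
        first = int(octets[0])
        plen = "8" if first < 128 else "16" if first < 192 else "24"
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def parse_table(text):
    """Return (network, gateway, interface) for every route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6:  # Destination Gateway Flags Refs Use Netif [Expire]
            routes.append((parse_dest(f[0], f[2]), f[1], f[5]))
    return routes

def lookup(routes, target):
    """Longest-prefix match: the most specific route containing target wins."""
    ip = ipaddress.ip_address(target)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

if __name__ == "__main__":
    print(lookup(parse_table(NETSTAT_IPV4), "192.168.46.2"))
```

For 192.168.46.2 the lookup returns the 192.168.46 route via 192.168.47.2 on tap0, not the default route on en1.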