From: elof2@sentor.se
To: freebsd-net
Subject: Source routing howto
Date: Wed, 9 Mar 2016 11:29:11 +0100 (CET)
List-Id: Networking and TCP/IP with FreeBSD

Hi all!

I've been searching the internet but can't find any good documentation/examples on how to set up source routing in my FreeBSD.

What I want to do:
Let internet clients connect their OpenVPN to a FreeBSD box. The client's internet traffic should be routed to a separate firewall dedicated for all client networks (VPN and physical), where all clients then leave the network.

The FreeBSD box has its own normal default gateway to speak with the internet. This route is needed in order to be able to keep the OpenVPN-traffic flowing.

How do I source route the tunneled traffic, coming from e.g. 10.10.10.x to the "client firewall"?

Are there any good examples out there?
Do I have to compile a custom kernel?

(the responses back from that firewall use a normal static route, pointing 10.10.10.0/24 to the FreeBSD box)

/Elof