From: Bill Tillman
To: freebsd-questions@freebsd.org
Date: Wed, 11 May 2011 15:33:12 -0700 (PDT)
Subject: OpenVPN Setup

Thanks again for all the great tips on OpenVPN setup. I think it's about ready
for real deployment but I have a couple of more questions.

My OpenVPN server (10.0.0.254) is inside my LAN behind another FreeBSD
router/gateway (10.0.0.253) which is running IPFW+NATD and handles the LAN's
connection to the cable modem. All that is running fine.

In the docs I read it told me to turn forwarding on at the OpenVPN server
(10.0.0.254) as well, effectively turning it into another gateway. I was
wondering if this could be avoided, assuming the docs I read were about a setup
where the VPN server was right off the Internet and was needed as the gateway.

I added this route to the FreeBSD router (10.0.0.253) which on my LAN is the
machine right off the cable modem:

    route add -net 10.8.0.0/24 10.0.0.254

This made everything work but I'd like to ask if this is the most efficient way
of setting up the routing table on the router (10.0.0.253).

When I check the routing tables on the OpenVPN server with netstat -nr I see
this info:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.253         UGS         0    31257   bge0
10.0.0.0/24        link#3             U           1   101587   bge0
10.0.0.254         link#3             UHS         0        0    lo0
10.8.0.0/24        10.8.0.2           UGS         0    33716   tun0
10.8.0.1           link#5             UHS         0        2    lo0
10.8.0.2           link#5             UH          0        0   tun0
127.0.0.1          link#4             UH          0      472    lo0

I'm curious as to why the 3rd entry shows the route for 10.8.0.0/24 goes through
10.8.0.2 as its gateway. 10.8.0.2 is not pingable in this setup.
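
How the OpenVPN server would choose among the routes in the table above, as an added example that is not part of the original message: a longest-prefix-match lookup over the rows quoted from netstat -nr. The destinations 10.8.0.6, 10.0.0.50 and 8.8.8.8 are constructed sample addresses; the table shows that the 10.8.0.0/24 gateway, 10.8.0.2, is itself a host route on tun0, so traffic for the VPN subnet is handed to the tunnel interface.

```python
import ipaddress

# Rows copied from the netstat -nr output in the message above.
NETSTAT = """\
default            10.0.0.253         UGS         0    31257   bge0
10.0.0.0/24        link#3             U           1   101587   bge0
10.0.0.254         link#3             UHS         0        0    lo0
10.8.0.0/24        10.8.0.2           UGS         0    33716   tun0
10.8.0.1           link#5             UHS         0        2    lo0
10.8.0.2           link#5             UH          0        0   tun0
127.0.0.1          link#4             UH          0      472    lo0
"""


def parse_routes(text):
    """Return (network, gateway, flags, netif) tuples from netstat -nr rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # skip blank or truncated rows
        dest, gateway, flags, netif = fields[0], fields[1], fields[2], fields[5]
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            # A bare address is a host route (flag H), i.e. a /32.
            net = ipaddress.ip_network(dest if "/" in dest else dest + "/32")
        routes.append((net, gateway, flags, netif))
    return routes


def lookup(routes, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def next_hop(addr):
    """Return (matched network, gateway, interface) for a destination."""
    net, gateway, _flags, netif = lookup(parse_routes(NETSTAT), addr)
    return str(net), gateway, netif


if __name__ == "__main__":
    # Constructed sample destinations: VPN client, server tun address,
    # LAN host, Internet host.
    for dst in ("10.8.0.6", "10.8.0.1", "10.0.0.50", "8.8.8.8"):
        print(dst, "->", next_hop(dst))
```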