From: Victor Sudakov
To: freebsd-net@freebsd.org
Date: Thu, 30 Mar 2017 10:22:22 +0700
Subject: OpenVPN and policy routing
Message-ID: <20170330032222.GA18053@admin.sibptus.transneft.ru>
Organization: AO "Svyaztransneft", SibPTUS
List-Id: Networking and TCP/IP with FreeBSD

Dear Colleagues,

Anyone experienced with OpenVPN on FreeBSD?

What would be the best way to policy route a network into OpenVPN? A
routing decision must be based on the src IP address, not the dst IP
address.

Imagine an OpenVPN client with 3 interfaces: fxp0 is the outside
interface towards the OpenVPN server, fxp1 is for LAN1 and fxp2 for
LAN2.

From LAN1, some private networks are reachable through OpenVPN (tun0),
this is done via the regular route commands (pulled from the OpenVPN
server).

From LAN2, *everything* should be reachable only through OpenVPN.

Which is the best way to accomplish this?

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859