From: Carsten Larsen
To: Ørjan Tønder, freebsd-net@freebsd.org
Subject: Re: freebsd openvpn setup
Date: Sun, 4 Dec 2016 11:14:47 +0100
Message-ID: <5e81070e-a28c-bf12-1d6a-e8028a274a35@innolan.dk>
List-Id: Networking and TCP/IP with FreeBSD

Hi Ørjan

On 04-12-2016 at 09:36, Ørjan Tønder wrote:
> I have successfully set up an OpenVPN network; all clients can reach outside and
> LAN,
> but the server can't reach the clients.
>
> network setup
> 10.8.1.0/24
> server 10.8.1.1/24
> clients 10.8.1.2-130/24
>
> The routing table from the server:
> root@charon:/usr/local/etc/openvpn # netstat -r
> Routing tables
>
> Internet:
> Destination        Gateway            Flags     Netif Expire
> default            static.1.31.4.46.c UGS         re0
> 10.8.1.0/24        link#5             U          tap0
> 10.8.1.1           link#5             UHS         lo0
> 10.8.2.1           link#3             UH          lo1
> 10.8.2.3           link#3             UH          lo1
> 46.4.31.0/26       link#1             U           re0
> tuxlab.no          link#1             UHS         lo0
> localhost          link#2             UH          lo0
>
> Internet6:
> Destination        Gateway            Flags     Netif Expire
> ::/96              localhost          UGRS        lo0
> localhost          link#2             UH          lo0
> ::ffff:0.0.0.0/96  localhost          UGRS        lo0
> fe80::/10          localhost          UGRS        lo0
> fe80::%re0/64      link#1             U           re0
> fe80::6e62:6dff:fe link#1             UHS         lo0
> fe80::%lo0/64      link#2             U           lo0
> fe80::1%lo0        link#2             UHS         lo0
> fe80::%tap0/64     link#5             U          tap0
> fe80::2bd:6fff:fe3 link#5             UHS         lo0
> ff02::/16          localhost          UGRS        lo0
>
>
> What am I missing?
>

You need to add an iroute in the client config.

Kind regards
Carsten Larsen