Date: Thu, 12 May 2011 12:21:53 -0400
From: Arnaud Lacombe <lacombar@gmail.com>
To: sample@email.cz
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD 7 and FreeBSD 8 OpenVPN problem
Message-ID: <BANLkTik8RKD=zXMHCMGCxrvbaL9bPgLn7g@mail.gmail.com>
In-Reply-To: <54805.960.2090-2700-1520430731-1305210003@email.cz>
References: <54805.960.2090-2700-1520430731-1305210003@email.cz>
Hi,

On Thu, May 12, 2011 at 10:20 AM, <sample@email.cz> wrote:
> Hi,
>
> I have a problem with the different behavior of OpenVPN under FreeBSD 7 and FreeBSD 8. Problem is as follows. I have created an OpenVPN server and IPSEC tunnel. I have a client which is connecting via OpenVPN to LAN.
>
> This is working properly (client is able to reach all computers inside LAN and their services) in both cases - FreeBSD 7 and 8. The problem occurs when I want to connect (e.g. PING) the LAN interface of FreeBSD - for example "em0" with IP 192.168.1.1.
>
> On FreeBSD 7 (server) when I run tcpdump, I see packets coming from the OpenVPN network on the FreeBSD LAN interface ("em0" with IP 192.168.1.1) - everything works as it should.
>
> On FreeBSD 8 (server) - the ping from the client to LAN interface "em0" is working (I get reply from ip 192.168.1.1 (em0) on client PC), but when I run tcpdump on the LAN interface (192.168.1.1 - em0), I don't see any ICMP packets. (I wonder, what is answering me then?).
>
I wonder if this does not have to do with how OpenVPN re-injects packets in the kernel, what path they follow, and where the bpf hooks are.

I am not sure of what would be expected when sniffing on an interface. Would you intend to see only the traffic going in and out of the physical interface? Or would you intend to see all the traffic matching a parameter associated with an interface (IP address, ...)?

You should also have an internal route through `lo0' for local traffic. I found out that even without that route, local traffic goes through `lo0', with all the consequences, like the IPv4 checksum not being computed [which does not even seem to be tunable btw.].

 - Arnaud