Date: Fri, 31 Mar 2017 09:36:11 +0700
From: Victor Sudakov <vas@mpeks.tomsk.su>
To: Michael Sierchio <kudzu@tenebras.com>
Cc: Andrea Venturoli <ml@netfence.it>, freebsd-net@freebsd.org
Subject: Re: OpenVPN and policy routing
Message-ID: <20170331023611.GA37113@admin.sibptus.transneft.ru>
In-Reply-To: <CAHu1Y71a4=DPEKJCMV_m-WAe3kv=_NWb8o7mKxpdY5U=zTif2A@mail.gmail.com>
References: <20170330032222.GA18053@admin.sibptus.transneft.ru> <81f24563-1abb-e804-d2a3-7fa772a0c78d@netfence.it> <20170330074615.GA25049@admin.sibptus.transneft.ru> <c1e380a2-7b11-7143-f05a-0589a8bd4a6f@netfence.it> <CAHu1Y71a4=DPEKJCMV_m-WAe3kv=_NWb8o7mKxpdY5U=zTif2A@mail.gmail.com>
Michael Sierchio wrote:

> I use different FIBs in the ipfw ruleset to accomplish policy based
> routing, including via a tun interface.

I've just found out that even when tun0 is in fib 0, you can use it as
a gateway from a different fib, and it works:

root@km:~ # netstat -rn -4 -F1
Routing tables (fib: 1)

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.154.5      UGS        tun0
95.170.158.128/27  link#2             U           rl1
127.0.0.1          link#4             UH          lo0
192.168.11.0/24    link#3             U          ste0
192.168.14.0/24    link#1             U           rl0
192.168.154.5      link#5             UH         tun0
root@km:~ #

root@km:~ # ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	inet6 fe80::2e0:4cff:feb0:6dd4%tun0 prefixlen 64 scopeid 0x5
	inet 192.168.154.6 --> 192.168.154.5 netmask 0xffffffff
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	Opened by PID 717
root@km:~ #

I.e. all directly connected networks are available from all fibs, not just the default one.
It probably depends on the net.add_addr_allfibs sysctl setting.
So, my task would be best solved by "ifconfig fxp2 fib 1". Thanks to all
who replied.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859
