Date:      Mon, 25 Apr 2011 21:38:29 -0500
From:      Ryan Coleman <editor@d3photography.com>
To:        Ryan Coleman <ryan.coleman@cwis.biz>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: OpenVPN routing
Message-ID:  <5677ADC4-3BE8-46C0-8C19-C893276B79FE@d3photography.com>
In-Reply-To: <6073BC9F-553D-41E2-AE42-341B61850EA7@cwis.biz>
References:  <6073BC9F-553D-41E2-AE42-341B61850EA7@cwis.biz>

Also:
[root@nbserver1 /usr/home/ryanc]# ifconfig
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:14:22:15:dc:65
        inet 192.168.46.2 netmask 0xffffff00 broadcast 192.168.46.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether 00:bd:7e:86:1d:00
        inet 192.168.47.1 netmask 0xffffff00 broadcast 192.168.47.255
        Opened by PID 10341
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 46:e1:75:c6:a3:a7
        inet 192.168.47.254 netmask 0xffffff00 broadcast 192.168.47.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 2000000
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000


On Apr 25, 2011, at 9:36 PM, Ryan Coleman wrote:

> I've got an OpenVPN connection working to my remote server, but I want to route the traffic to the local LAN.
>
> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine.
>
> Server.conf:
> # OpenVPN server settings as posted: UDP listener on 192.168.46.2:1194 using a
> # tap (Ethernet-level) device and the 192.168.47.0/24 address pool.
> local 192.168.46.2
> port 1194
> proto udp
> dev tap
> ca keys/cacert.pem
> cert keys/server.crt
> key keys/server.key # This file should be kept secret
> # NOTE(review): the file name suggests 1024-bit DH parameters, which are below
> # current recommendations; regenerate with at least 2048 bits - confirm size.
> dh keys/dh1024.pem
> # Don't put this in the keys directory unless user nobody can read it
> # NOTE(review): the CRL is in keys/ here, so it must stay readable by "nobody"
> # after the privilege drop below; check that server.key in the same directory
> # is not readable by that account as a side effect.
> crl-verify keys/crl.pem
> #Make sure this is your tunnel address pool
> server 192.168.47.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> #This is the route to push to the client, add more if necessary
> # NOTE(review): the disabled line pairs a host address (192.168.46.254) with a
> # /24 mask, and the active line pushes only the tunnel subnet itself - no route
> # to the 192.168.46.0/24 LAN is sent to clients as written.
> #push "route 192.168.46.254 255.255.255.0"
> push "route 192.168.47.0 255.255.255.0"
> push "dhcp-option DNS 192.168.45.10"
> keepalive 10 120
> # NOTE(review): Blowfish uses a 64-bit block, which makes long-lived sessions
> # susceptible to birthday-bound collisions; current OpenVPN guidance favours an
> # AEAD cipher such as AES-256-GCM (must be changed on both ends).
> cipher BF-CBC #Blowfish encryption
> # NOTE(review): compressing before encrypting can leak information about the
> # plaintext; newer OpenVPN releases deprecate this option.
> comp-lzo
> #fragment
> # Drop root privileges after start-up; persist-key/persist-tun keep the key and
> # tap device open so restarts work without root.
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> # NOTE(review): verb 6 is debug-level output, presumably temporary while
> # troubleshooting - lower it afterwards so the logs stay reviewable.
> verb 6
> mute 5
>
>
> client.conf:
> #Begin client.conf
> # OpenVPN client settings as posted: connects over UDP to sub.domain.ltd:1194
> # with a tap device, then drops to user/group nobody.
> client
> dev tap
> proto udp
> remote sub.domain.ltd 1194
> nobind
> user nobody
> group nobody
> persist-key
> persist-tun
> #crl-verify
> # NOTE(review): with remote-cert-tls disabled the client does not check that the
> # peer certificate is a server certificate, so any certificate issued by this
> # CA would be accepted as the server; enabling it requires a server certificate
> # issued with the matching key usage - confirm before turning it on.
> #remote-cert-tls server
> ca keys/cacert.pem
> cert keys/ryanc.crt
> # Client private key; keep it readable only by the account that starts OpenVPN.
> key keys/ryanc.key
> # NOTE(review): 64-bit-block cipher; the value has to match the server, so any
> # move to a modern AEAD cipher must be made on both ends together.
> cipher BF-CBC
> # NOTE(review): compression before encryption can leak information about the
> # plaintext; must also match the server setting.
> comp-lzo
> verb 3
> mute 20
>
> Any ideas?  As I said, I can talk to the remote server, but not the local LAN.
>
> To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 - which we have another VPN connecting the two networks (not running on a VPN I can do much with).
>
>
> Thanks,
> Ryan



