From: Ryan Coleman
To: Maciej Milewski
Cc: freebsd-questions@freebsd.org
Date: Tue, 26 Apr 2011 15:50:54 -0500
Subject: Re: OpenVPN routing

On Apr 26, 2011, at 9:53 AM, Maciej Milewski wrote:

> On Tuesday 26 of April 2011 15:45:22, Ryan Coleman wrote:
>> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2)
>> from the remote machine.
> ...
>> push "route 192.168.47.0 255.255.255.0"
>
> Have you tried adding the route to 192.168.46.0/24 subnet into the vpn client?
>
> You want to ping the host/interface on different subnet. If you don't set the
> routing to this subnet how your client should know that he needs to put that
> packet through tap interface not defaultroute which I suspect is different?
>
> Can you show the output of netstat -rn of the vpn client?
>
> You may try to look into tcpdump on the vpn router to find what is going with
> your packets. And for such scenario like vpnclient->vpnserver->network you may
> even not need nat just simple routing will be enough as long as you set it up
> on right.
>
> My setup is based on tun interfaces and works like a charm. I don't use nat
> and I only added routing info to the specific routers in the internal
> networks.
>
> Maciej Milewski

I'm going to have to get this information when I get home and am not on the office LAN. I can do ping tests specifically through the tap0 interface but not check the netstat report properly from inside the network.

--
Ryan
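
Added example, not part of the original message: a small Python model of the client's longest-prefix route lookup, showing why a packet for 192.168.46.2 leaves via the default route until a route for 192.168.46.0/24 is pushed. The client's starting table, the `default-gw` label and the helper names are assumptions made for illustration.

```python
import ipaddress

def netmask_to_cidr(network, netmask):
    """Convert the 'route <net> <mask>' form used in an OpenVPN push to CIDR."""
    return str(ipaddress.ip_network(f"{network}/{netmask}"))

def apply_pushed_routes(table, directives, iface="tap0"):
    """Return a copy of the table with each pushed 'route NET MASK' added via iface."""
    out = list(table)
    for directive in directives:
        parts = directive.split()
        if len(parts) == 3 and parts[0] == "route":
            out.append((netmask_to_cidr(parts[1], parts[2]), iface))
    return out

def lookup(table, dst):
    """Longest-prefix match: return (interface, prefix) chosen for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return (best[1], str(best[0])) if best else None

# Constructed client table: only a default route (label is hypothetical).
BASE = [("0.0.0.0/0", "default-gw")]

# The push line quoted in the thread covers 192.168.47.0/24 only.
BEFORE = apply_pushed_routes(BASE, ["route 192.168.47.0 255.255.255.0"])

# The route suggested in the reply, expressed in the same push syntax.
AFTER = apply_pushed_routes(BEFORE, ["route 192.168.46.0 255.255.255.0"])

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        for dst in ("192.168.47.1", "192.168.46.2"):
            print(name, dst, "->", lookup(table, dst))
```

Comparing this model with the real `netstat -rn` output on the client shows whether 192.168.46.0/24 is covered by anything more specific than the default route.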