From: Lowell Gilbert
Date: 14 Mar 2004 08:35:32 -0500
To: freebsd-questions@FreeBSD.org
Cc: Louis LeBlanc
Subject: Re: network routing and vpn connectivity
Message-ID: <44u10ro8kb.fsf@be-well.ilk.org>
In-Reply-To: <20040312011802.GA53651@keyslapper.org>

Louis LeBlanc writes:

> I have a strange network question.
>
> I finally found the vpn client that actually manages to open a
> connection to the Cisco vpn appliance my employer uses with a minimum
> of pain (security/vpnc). The problem I'm having is making it possible
> for my FreeBSD desktop at work to retain access to my FreeBSD desktop
> at home while the vpn connection is active - in other words, I can
> only get one way access.
>
> This is why:
> With the vpn connection established, the only way the home machine can
> connect to the work machine (via ssh, for example) is if I route the
> work IP through the vpn device (tun1 in my case). Problem is that
> when work tries to connect, home tries to route the response through
> the vpn.

Why shouldn't it do just that? It's sending a packet to the same
address, why wouldn't it send the packet the same way?