From: Louis LeBlanc <leblanc@keyslapper.org>
To: freebsd-questions@FreeBSD.org
Date: Sun, 14 Mar 2004 10:42:53 -0500
Subject: Re: network routing and vpn connectivity
Message-ID: <20040314154252.GA49058@keyslapper.org>
In-Reply-To: <44u10ro8kb.fsf@be-well.ilk.org>
References: <20040312011802.GA53651@keyslapper.org> <44u10ro8kb.fsf@be-well.ilk.org>
User-Agent: Mutt/1.5.6i
On 03/14/04 08:35 AM, Lowell Gilbert sat at the `puter and typed:
> Louis LeBlanc writes:
>
> > I have a strange network question.
> >
> > I finally found the vpn client that actually manages to open a
> > connection to the Cisco vpn appliance my employer uses with a minimum
> > of pain (security/vpnc). The problem I'm having is making it possible
> > for my FreeBSD desktop at work to retain access to my FreeBSD desktop
> > at home while the vpn connection is active - in other words, I can
> > only get one way access.
> >
> > This is why:
> > With the vpn connection established, the only way the home machine can
> > connect to the work machine (via ssh, for example) is if I route the
> > work IP through the vpn device (tun1 in my case). Problem is that
> > when work tries to connect, home tries to route the response through
> > the vpn.
>
> Why shouldn't it do just that? It's sending a packet to the same
> address, why wouldn't it send the packet the same way?

This is how I understand the problem:

Home connects to vpn1 at work, creating a tun1 device. Problem is that vpnc doesn't create a default route to vpn1. Point is that I don't want EVERYTHING going through tun1, because that would cause problems with mail traffic coming from other places (this is my home network gateway).

Once I set up routes to the vlan that Work belongs to, setting up the IP given to tun1 as the gateway, Home can connect to work. Problem is that the default route still goes to tun0 (my dsl device) which cannot change without interfering with all other traffic into the box.

The question is can I set things up so that Work will come through the VPN pipe to get to Home? I'm starting to think I can't.

Lou
-- 
Louis LeBlanc leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org
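One way to get the symmetric return path the question is about, as an added example that is not part of the original thread: keep the default route on tun0, route only the work VLAN via the tun1 address, and add an ipfw fwd rule so that replies sourced from the home box's public address go back out the DSL link rather than into the tunnel. The subnet, addresses and rule number below are assumed placeholders, not values from the message.

```shell
#!/bin/sh
# Added example for the home FreeBSD gateway; all values are assumed placeholders.
WORK_NET="${WORK_NET:-10.10.0.0/16}"   # work VLAN reached through the VPN (assumed)
TUN1_GW="${TUN1_GW:-10.10.255.1}"      # address vpnc assigned to tun1 (assumed)
HOME_PUB="${HOME_PUB:-203.0.113.45}"   # home's public address on tun0, the DSL link (assumed)
DSL_GW="${DSL_GW:-203.0.113.1}"        # default gateway on tun0 (assumed)
DRY_RUN="${DRY_RUN:-1}"                # 1 = print the commands, 0 = run them as root

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Reach the work VLAN via the tunnel endpoint; the default route stays on tun0,
# so mail and everything else arriving on the DSL link is unaffected.
add_work_route() {
    run route add -net "$WORK_NET" "$TUN1_GW"
}

# Policy routing with ipfw: a packet whose source is the public address belongs
# to a session work opened across the Internet, so forward it to the DSL gateway
# instead of letting the route table push it into tun1 (asymmetric return path).
# Sessions home opens itself use the tun1 address as source and keep using the VPN.
# Requires ipfw forward support in the kernel (IPFIREWALL_FORWARD on older FreeBSD).
add_reply_policy() {
    run ipfw add 1000 fwd "$DSL_GW" ip from "$HOME_PUB" to "$WORK_NET" out
}

# Check which interface the kernel currently picks for the work VLAN.
show_work_route() {
    run route -n get "${WORK_NET%/*}"
}

apply_all() {
    add_work_route
    add_reply_policy
}

apply_all
```

Run with DRY_RUN=1 first to review the generated commands, then DRY_RUN=0 as root; the ipfw rule only affects traffic the home box sends back to the work VLAN from its public address.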