From: Ryan Coleman
To: FreeBSD Mailing List
Date: Mon, 25 Apr 2011 21:36:10 -0500
Message-Id: <6073BC9F-553D-41E2-AE42-341B61850EA7@cwis.biz>
Subject: OpenVPN routing

I've got an OpenVPN connection working to my remote server, but I want to route the traffic to the local LAN.

I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine.

Server.conf:

local 192.168.46.2
port 1194
proto udp
dev tap
ca keys/cacert.pem
cert keys/server.crt
key keys/server.key # This file should be kept secret
dh keys/dh1024.pem
# Don't put this in the keys directory unless user nobody can read it
crl-verify keys/crl.pem
#Make sure this is your tunnel address pool
server 192.168.47.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#This is the route to push to the client, add more if necessary
#push "route 192.168.46.254 255.255.255.0"
push "route 192.168.47.0 255.255.255.0"
push "dhcp-option DNS 192.168.45.10"
keepalive 10 120
cipher BF-CBC #Blowfish encryption
comp-lzo
#fragment
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 6
mute 5

client.conf:

#Begin client.conf
client
dev tap
proto udp
remote sub.domain.ltd 1194
nobind
user nobody
group nobody
persist-key
persist-tun
#crl-verify
#remote-cert-tls server
ca keys/cacert.pem
cert keys/ryanc.crt
key keys/ryanc.key
cipher BF-CBC
comp-lzo
verb 3
mute 20

Any ideas? As I said, I can talk to the remote server, but not the local LAN.

To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 - which we have another VPN connecting the two networks (not running on a VPN I can do much with).

Thanks,
Ryan