Message-ID: <51E58DA7.1040709@fuckaround.org>
Date: Tue, 16 Jul 2013 20:15:03 +0200
From: Pol Hallen
To: freebsd-questions@freebsd.org
Subject: openvpn routing

Hi all :-)

This FreeBSD server is an internal LAN server, IP 192.168.1.254. 192.168.1.212 is the gateway to the internet.
I've an easy config:

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.212      UGS         0    31807    em0
10.20.10.0/24      10.20.10.2         UGS         0        0   tun0
10.20.10.1         link#5             UHS         0        0    lo0
10.20.10.2         link#5             UH          0        0   tun0
127.0.0.1          link#4             UH          0     3478    lo0
192.168.1.0/24     link#2             U           0    46116    em0
192.168.1.254      link#2             UHS         0        0    lo0

ifconfig

em0: flags=8843 metric 0 mtu 1500
        inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8049 metric 0 mtu 16384
[...]
tun0: flags=8051 metric 0 mtu 1500
        inet 10.20.10.1 --> 10.20.10.2 netmask 0xffffffff

The problem is: 10.20.10.2 is a gateway? Why?

On clients I've this error:

OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Tue Jul 16 19:28:30 2013 us=860975 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.20.10.0
Tue Jul 16 19:28:30 2013 us=861091 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options

openvpn server config:

port XXX
proto udp
dev tun
;dev-node tap0
ca /usr/local/etc/openvpn/XX.crt
cert /usr/local/etc/openvpn/XX.crt
key /usr/local/etc/openvpn/XX.key
dh /usr/local/etc/openvpn/dh2048.pem
server 10.20.10.0 255.255.255.0
push "route 10.20.10.0 255.255.255.0"
ifconfig-pool-persist /usr/local/etc/openvpn/ipp.txt 0
;duplicate-cn
keepalive 10 120
;cipher BF-CBC # Blowfish (default)
;cipher AES-256-CBC # AES
cipher DES-EDE3-CBC # Triple-DES
comp-lzo
user nobody
group nobody
persist-key
persist-tun
;status /var/log/openvpn-status.log
;log-append /var/log/openvpn.log
verb 10
mute 20
client-to-client
client-config-dir ccd "route 10.20.10.1 255.255.255.0"
ping-restart 0
tls-auth /usr/local/etc/openvpn/ta.key 0
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so login
#tmp-dir /dev/shm

Almost the same config runs on a Linux OpenVPN server. It's the server that creates the correct route.
But on FreeBSD I've 10.20.10.2 as an automatic gw.

Any idea?

Thanks!

Pol