Date:      Fri, 04 May 2007 19:27:20 +0200
From:      "Neo [GC]" <neo@gothic-chat.de>
To:        freebsd-net@freebsd.org,  freebsd-questions@freebsd.org
Subject:   Routing between subnets
Message-ID:  <463B6CF8.50005@gothic-chat.de>

Hi,

I am trying to use a FreeBSD 6-STABLE machine as a VPN gateway for my home
network. For VPN I use OpenVPN, which connects to an outside
OpenVPN server. The connection itself works, but I need to get routing
working for my LAN.
I have searched in Google and group archives, but I can't find an easy
howto which works for me. I hope someone of you can help me.

I have set gateway_enable="yes" in my rc.conf, but it seems not to be 
working. (Question: Must this be enabled on the outside VPN-server too?)


Config at home (deleted everything unnecessary):

Output of ifconfig:
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         options=8<VLAN_MTU>
         inet 192.168.2.2 netmask 0xffffff00 broadcast 192.168.2.255
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
         inet 10.10.0.6 --> 10.10.0.5 netmask 0xffffffff

Output of netstat -r:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            skynet.gothic-chat UGS         0      226   fxp0
10.10.0.1/32       10.10.0.5          UGS         0        0   tun0
10.10.0.5          10.10.0.6          UH          1        0   tun0
192.168.2          link#1             UC          0        0   fxp0
192.168.2.255      ff:ff:ff:ff:ff:ff  UHLWb       1       29   fxp0


Config at the VPN-server:

Output of ifconfig:
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
         inet 10.10.0.1 --> 10.10.0.2 netmask 0xffffffff

Output of netstat -r:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            83.133.111.1       UGS         0 57308679    em0
10.10/24           10.10.0.2          UGS         1      239   tun0
10.10.0.2          10.10.0.1          UH          1        0   tun0
192.168.2          10.10.0.6          UGS         0        2   tun0


I can ping in either direction between the two PCs with OpenVPN.

So far so good... I've set a route on another PC in the LAN (XP), which
shows up in route print as
         10.10.0.0    255.255.255.0      192.168.2.2     192.168.2.4       1

A tracert to 10.10.0.1 (the outside VPN-server) goes to 192.168.2.2
(which is correct, I think) and then goes no further...

As firewall at home I use ipfilter, which is set to be completely open:
root@wintermute:~# ipfstat -i
empty list for ipfilter(in)
root@wintermute:~# ipfstat -o
empty list for ipfilter(out)

The firewall at the VPN-server has:
pass out quick on tun0 all
pass in quick on tun0 all


Thanks for all your help!

Greetings,

-- 
Neo [GC] / Thomas Weber

Webmaster @ GothNet.eu / Gothic-Chat.de

EMail: neo@gothic-chat.de
WWW: http://neo.gothic-chat.de/
Location: Earth::Germany::Munich


