Date: Tue, 26 Apr 2011 18:15:09 -0500
From: Ryan Coleman <editor@d3photography.com>
To: Ryan Coleman <ryan.coleman@cwis.biz>
Cc: Maciej Milewski <milu@dat.pl>, freebsd-questions@freebsd.org
Subject: Re: OpenVPN routing
Message-ID: <612D04A1-EEAB-4443-A336-36A53CB7DA22@d3photography.com>
In-Reply-To: <403698FF-F38D-4250-A1E5-FF2D6DE8DAFE@cwis.biz>
References: <6073BC9F-553D-41E2-AE42-341B61850EA7@cwis.biz> <BANLkTikvQRGiFS%2BvRu4_tk3aOsFt7zubwA@mail.gmail.com> <6ABDD9A5-E75D-4998-8D49-C89B280F32D4@cwis.biz> <201104261653.35417.milu@dat.pl> <403698FF-F38D-4250-A1E5-FF2D6DE8DAFE@cwis.biz>

On Apr 26, 2011, at 3:50 PM, Ryan Coleman wrote:

> On Apr 26, 2011, at 9:53 AM, Maciej Milewski wrote:
>
>> On Tuesday 26 of April 2011 15:45:22, Ryan Coleman wrote:
>>> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine.
>> ...
>>> push "route 192.168.47.0 255.255.255.0"
>>
>> Have you tried adding the route to 192.168.46.0/24 subnet into the vpn client?
>>
>> You want to ping the host/interface on different subnet. If you don't set the routing to this subnet how your client should know that he needs to put that packet through tap interface not defaultroute which I suspect is different?
>>
>> Can you show the output of netstat -rn of the vpn client?
>>
>> You may try to look into tcpdump on the vpn router to find what is going with your packets. And for such scenario like vpnclient->vpnserver->network you may even not need nat just simple routing will be enough as long as you set it up on right.
>>
>> My setup is based on tun interfaces and works like a charm. I don't use nat and I only added routing info to the specific routers in the internal networks.
>>
>> Maciej Milewski
>
> I'm going to have to get this information when I get home and am not on the office LAN. I can do ping tests specifically through the tap0 interface but not check the netstat report properly from inside the network.

Maciej,

Here you go:

Ryan-Colemans-MacBook-Pro:~ ryanjcole$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use   Netif Expire
default            10.0.1.1           UGSc       61        0     en1
10.0.1/24          link#5             UCS         3        0     en1
10.0.1.1           0:23:12:f7:37:cc   UHLWI      89     1268     en1   1142
10.0.1.2           0:14:d1:1f:79:1b   UHLWI       0      837     en1    183
10.0.1.198         127.0.0.1          UHS         0        0     lo0
10.0.1.255         ff:ff:ff:ff:ff:ff  UHLWbI      0        6     en1
127                127.0.0.1          UCS         0        0     lo0
127.0.0.1          127.0.0.1          UH          2       75     lo0
169.254            link#5             UCS         0        0     en1
172.16.87/24       link#7             UC          1        0  vmnet1
172.16.87.255      ff:ff:ff:ff:ff:ff  UHLWbI      0        3  vmnet1
192.168.46         192.168.47.2       UGSc        0        0    tap0
192.168.47         link#10            UC          1        0    tap0
192.168.47.2       link#10            UHLWI       1        0    tap0

Internet6:
Destination                     Gateway              Flags   Netif Expire
::1                             ::1                  UH        lo0
fe80::%lo0/64                   fe80::1%lo0          Uc        lo0
fe80::1%lo0                     link#1               UHL       lo0
fe80::%en1/64                   link#5               UC        en1
fe80::224:36ff:fea1:1d68%en1    0:24:36:a1:1d:68     UHLW      en1
fe80::9227:e4ff:fef8:b2fb%en1   90:27:e4:f8:b2:fb    UHL       lo0
ff01::/32                       ::1                  Um        lo0
ff02::/32                       ::1                  UmC       lo0
ff02::/32                       link#5               UmC       en1

Ryan-Colemans-MacBook-Pro:~ ryanjcole$ ping 192.168.46.2
PING 192.168.46.2 (192.168.46.2): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
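
Added example, not part of the original message: a longest-prefix-match lookup over selected IPv4 rows of the netstat -rn output above, showing which route the client picks for a given destination. The function names are hypothetical, the rule that a destination without an explicit mask gets its classful default mask is an assumption, and 203.0.113.10 is a constructed test address.

```python
import ipaddress

# Selected IPv4 rows from the netstat -rn output in the message, reduced to
# Destination, Gateway, Flags, Netif.
ROUTES = """\
default 10.0.1.1 UGSc en1
10.0.1/24 link#5 UCS en1
10.0.1.1 0:23:12:f7:37:cc UHLWI en1
10.0.1.198 127.0.0.1 UHS lo0
127 127.0.0.1 UCS lo0
127.0.0.1 127.0.0.1 UH lo0
169.254 link#5 UCS en1
172.16.87/24 link#7 UC vmnet1
192.168.46 192.168.47.2 UGSc tap0
192.168.47 link#10 UC tap0
192.168.47.2 link#10 UHLWI tap0
"""

def to_network(dest, flags):
    """Expand a BSD-style abbreviated destination into an IPv4Network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    if bits:
        prefix = int(bits)
    elif "H" in flags:
        prefix = 32  # host route
    else:
        # Assumption: no explicit mask means the classful default mask.
        first = int(octets[0])
        prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{padded}/{prefix}")

def parse_routes(text):
    rows = (line.split() for line in text.splitlines())
    return [(to_network(d, f), gw, nic) for d, gw, f, nic in rows]

def lookup(table, target):
    """Return (network, gateway, netif) of the longest-prefix match."""
    ip = ipaddress.ip_address(target)
    matches = [r for r in table if ip in r[0]]
    net, gateway, netif = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), gateway, netif

if __name__ == "__main__":
    for target in ("192.168.46.2", "192.168.47.2", "203.0.113.10"):
        print(target, "->", lookup(parse_routes(ROUTES), target))
```

For 192.168.46.2 the lookup returns the tap0 route via 192.168.47.2, so the client-side route asked about in the quoted reply is present in this table.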