From: Dunc
Date: Fri, 19 Dec 2008 12:56:48 +0000
To: Noah Silverman
Cc: freebsd-net@freebsd.org
Subject: Re: Surf outside Internet through VPN

Darren Pilgrim wrote:
> Noah Silverman wrote:
>> I want to find a way to pass ALL traffic from my laptop THROUGH my
>> office VPN and then out to the Internet. This is a "road warrior"
>> setup. This gives me a few benefits:
>> 1) I can check my email securely through VPN.
>> 2) No matter where I am, I will always have
>> the external IP of my VPN server when accessing the web.
>>
>> I have set up a VPN. Was able to get it working with either tun or
>> tap interfaces. That part seems OK.
>>
>> Now what?? (I can see and connect to the VPN server with '10.0.8.1'
>> easily. I can't see or connect to the outside world.) Do I need to
>> add some kind of special route in the routing table?
>
> If you can talk to arbitrary hosts on your office network--not just
> the VPN server--setting your default router to the office's gateway
> will achieve what you want.

If you meant the internal address of the office's gateway, then changing
the default route to that means that you will no longer be able to reach
the public IP of the VPN peer.

What you need to do is,

i) Add a host route to the VPN peer address, via your current default
gateway on whatever network you happen to be on

ii) Change your default route to be something on your office net that is
willing to route traffic out the Internet for you. This potentially
could be the internal address of your office firewall, if it knows how to
route back to you via the VPN terminating box. Alternatively just the
other end of your tunnel, I'm guessing from the above that it's '10.0.8.1'

If you're using OpenVPN, then the "redirect-gateway" directive tries to
do the above for you.

Cheers,

Dunc
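
The two routing steps from the reply above, as an added example that is not part of the original message: a dry-run planner that reads a routing table and prints the FreeBSD route(8) commands in the right order, refusing to run if the default route already points into the tunnel. The routing table sample, the local gateway 192.168.1.1 and the peer address 203.0.113.10 are constructed placeholders; only 10.0.8.1 comes from the thread.

```shell
#!/bin/sh
# Added example: prints route(8) commands only; nothing on the host is changed.

# Constructed sample of `netstat -rn -f inet` output before any change.
SAMPLE_ROUTES='Destination        Gateway            Flags    Netif
default            192.168.1.1        UGS      em0
10.0.8.1           link#3             UH       tun0
127.0.0.1          link#2             UH       lo0
192.168.1.0/24     link#1             U        em0'

# current_gw: read a routing table on stdin, print the default route's gateway.
current_gw() {
    awk '$1 == "default" { print $2; exit }'
}

# plan_routes PEER TUNNEL_GW: read a routing table on stdin, print the commands.
#   PEER       public address of the VPN server (placeholder in this example)
#   TUNNEL_GW  far end of the tunnel, 10.0.8.1 in the thread
plan_routes() {
    peer=$1
    tunnel_gw=$2
    if [ -z "$peer" ] || [ -z "$tunnel_gw" ]; then
        echo "usage: plan_routes PEER TUNNEL_GW" >&2
        return 2
    fi
    gw=$(current_gw)
    if [ -z "$gw" ]; then
        echo "no default route found" >&2
        return 1
    fi
    # If the default already points into the tunnel, a host route built from
    # it would send the encrypted packets into the tunnel as well, so stop.
    if [ "$gw" = "$tunnel_gw" ]; then
        echo "default route already points at $tunnel_gw" >&2
        return 1
    fi
    # i) pin the VPN peer to the gateway of the network the laptop is on
    echo "route add -host $peer $gw"
    # ii) send everything else through the tunnel
    echo "route change default $tunnel_gw"
}

# 203.0.113.10 is a documentation address standing in for the VPN peer.
printf '%s\n' "$SAMPLE_ROUTES" | plan_routes 203.0.113.10 10.0.8.1
```

The host route has to go in first: it is the only thing that keeps the tunnel's own packets on the local network once the default route changes.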