Routing between subnets
Neo [GC]
neo at gothic-chat.de
Sat May 5 05:54:45 UTC 2007
Hi,
I am trying to use a FreeBSD 6-STABLE machine as a VPN gateway for my home
network. For VPN I use OpenVPN, which connects to an outside
OpenVPN server. The connection itself works, but I need to get routing
working for my LAN.
I have searched in Google and group archives, but I can't find an easy
howto which works for me. I hope one of you can help me.
I have set gateway_enable="yes" in my rc.conf, but it seems not to be
working. (Question: Must this be enabled on the outside VPN-server too?)
Config at home (deleted everything unnecessary):
Output of ifconfig:
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 192.168.2.2 netmask 0xffffff00 broadcast 192.168.2.255
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 10.10.0.6 --> 10.10.0.5 netmask 0xffffffff
Output of netstat -r:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            skynet.gothic-chat UGS         0      226   fxp0
10.10.0.1/32       10.10.0.5          UGS         0        0   tun0
10.10.0.5          10.10.0.6          UH          1        0   tun0
192.168.2          link#1             UC          0        0   fxp0
192.168.2.255      ff:ff:ff:ff:ff:ff  UHLWb       1       29   fxp0
Config at the VPN-server:
Output of ifconfig:
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 10.10.0.1 --> 10.10.0.2 netmask 0xffffffff
Output of netstat -r:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            83.133.111.1       UGS         0 57308679    em0
10.10/24           10.10.0.2          UGS         1      239   tun0
10.10.0.2          10.10.0.1          UH          1        0   tun0
192.168.2          10.10.0.6          UGS         0        2   tun0
I can ping in either direction between the two PCs with OpenVPN.
So far so good... I've set a route on another PC in the LAN (XP), which
shows up in route print as
10.10.0.0 255.255.255.0 192.168.2.2 192.168.2.4 1
A tracert to 10.10.0.1 (the outside VPN server) goes to 192.168.2.2
(which is correct, I think) and then goes no further...
As firewall at home I use ipfilter, which is set to be completely open:
root@wintermute:~# ipfstat -i
empty list for ipfilter(in)
root@wintermute:~# ipfstat -o
empty list for ipfilter(out)
The firewall at the VPN-server has:
pass out quick on tun0 all
pass in quick on tun0 all
Thanks for all your help!
Greetings,
--
Neo [GC] / Thomas Weber
Webmaster @ GothNet.eu / Gothic-Chat.de
EMail: neo at gothic-chat.de
WWW: http://neo.gothic-chat.de/
Location: Earth::Germany::Munich
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"