Hi,
On Thu, May 12, 2011 at 10:20 AM, <sam...@email.cz> wrote:
> Hi,
>
> I have a problem with the different behavior of OpenVPN under FreeBSD 7 and
> FreeBSD 8. Problem is as follows. I have created an OpenVPN server and IPSEC
> tunnel. I have a client which is connecting via OpenVPN to LAN.
>
> This is working properly (client is able to reach all computers inside LAN
> and their services) in both cases - FreeBSD 7 and 8. The problem occurs when
> I want to connect (e.g. PING) the LAN interface of FreeBSD - for example
> "em0" with IP 192.168.1.1.
>
> On FreeBSD 7 (server) when I run tcpdump, I see packets coming from the
> OpenVPN network on the FreeBSD LAN interface ("em0" with IP 192.168.1.1) -
> everything works as should.
>
> On FreeBSD 8 (server) - the ping from the client to LAN interface "em0" is
> working (I get reply from ip 192.168.1.1 (em0) on client PC), but when I run
> tcpdump on the LAN interface (192.168.1.1 - em0), I don't see any ICMP
> packets. (I wonder, what is answering me then?).
>
I wonder if this does not have to do with how OpenVPN re-inject packet
in the kernel, what path it follows, and where the bpf hook are. I am
not sure of what would be expected when sniffing on an interface.
Would you intend to see only the traffic going in and out the physical
interface ? or would you intend to see all the the traffic matching a
parameter associated with an interface (IP address, ...) ?
You should also have an internal route trough `lo0' for local traffic.
I found out that even without that route, local traffic go trough
`lo0', with all the consequences, like IPv4 checksum not being
computed [which does not even seem to be tunable btw.].
- Arnaud
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
