Andrea Venturoli wrote:
> >
> > Anyone experienced with OpenVPN on FreeBSD?
> >
> > What would be the best way to policy route a network into OpenVPN? A
> > routing decision must be based on the src IP address, not the dst IP
> > address.
> >
> > Imagine an OpenVPN client with 3 interfaces: fxp0 is the outside
> > interface towards the OpenVPN server, fxp1 is for LAN1 and fxp2 for
> > LAN2.
> >
> > From LAN1, some private networks are reachable through OpenVPN
> > (tun0), this is done via the regular route commands (pulled from the
> > OpenVPN server).
> >
> > From LAN2, *everything* should be reachable only through OpenVPN.
> > Which is the best way to accomplish this?
> >
>
> Possibly pf's "route-to" rules: I've used those in the past, but as I've
> reported, sometimes pf gets stuck and only stopping and starting it
> again unblocks the network.

Will "ipfw fwd" do the trick? I could "ipfw fwd" the packets into the
tun0 interface, but will OpenVPN understand that?

>
> Other ideas could be jails or setfib, but I've not thought those out.
>

Of course, fxp2 could be placed in a dedicated fib, but I need fxp0 and
fxp1 to remain in the main fib, and which fib will tun0 be in?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859