On Apr 26, 2011, at 8:32 AM, Nathan Vidican wrote:

> On Mon, Apr 25, 2011 at 10:36 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>>
>> I've got an OpenVPN connection working to my remote server, but I want to
>> route the traffic to the local LAN.
>>
>> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2)
>> from the remote machine.
>>
>> Server.conf:
>> local 192.168.46.2
>> port 1194
>> proto udp
>> dev tap
>> ca keys/cacert.pem
>> cert keys/server.crt
>> key keys/server.key # This file should be kept secret
>> dh keys/dh1024.pem
>> # Don't put this in the keys directory unless user nobody can read it
>> crl-verify keys/crl.pem
>> #Make sure this is your tunnel address pool
>> server 192.168.47.0 255.255.255.0
>> ifconfig-pool-persist ipp.txt
>> #This is the route to push to the client, add more if necessary
>> #push "route 192.168.46.254 255.255.255.0"
>> push "route 192.168.47.0 255.255.255.0"
>> push "dhcp-option DNS 192.168.45.10"
>> keepalive 10 120
>> cipher BF-CBC #Blowfish encryption
>> comp-lzo
>> #fragment
>> user nobody
>> group nobody
>> persist-key
>> persist-tun
>> status openvpn-status.log
>> verb 6
>> mute 5
>>
>>
>> client.conf:
>> #Begin client.conf
>> client
>> dev tap
>> proto udp
>> remote sub.domain.ltd 1194
>> nobind
>> user nobody
>> group nobody
>> persist-key
>> persist-tun
>> #crl-verify
>> #remote-cert-tls server
>> ca keys/cacert.pem
>> cert keys/ryanc.crt
>> key keys/ryanc.key
>> cipher BF-CBC
>> comp-lzo
>> verb 3
>> mute 20
>>
>> Any ideas? As I said, I can talk to the remote server, but not the local
>> LAN.
>>
>> To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 -
>> which we have another VPN connecting the two networks (not running on a VPN
>> I can do much with).
>
>
> Do you have packet forwarding (routing /gateway) enabled? An
> all-important, yet sometimes forgotten step...
> check if:
>
> sysctl net.inet.ip.forwarding
>
> returns 1 for enabled or not. You can enable it right away by setting
> to 1, and/or view the instructions in the handbook for greater detail
> including how to set as a startup option as well:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

Yes, it is enabled.

And Maciej, I had server-bridge running before and it wasn't routing ICMP,
nor anything else.

I have ipnat enabled - as was recommended by one guide - and am routing
everything from 192.168.47.0/24 to 0.0.0.0/32 (I'm not well versed on this
specific area but that seems like it should be 0/0, right?)

Relevant rc.conf:
defaultrouter="192.168.46.254"
hostname="nbserver1.allstatecom.local"
ifconfig_em0="inet 192.168.46.2 netmask 255.255.255.0"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
gateway_enable="YES"
ipnat_enable="YES"

Thanks again,
Ryan
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
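
An added example, not part of the original thread: a small check of which networks the quoted server.conf actually pushes to clients. It assumes the LAN behind the server is 192.168.46.0/24 (taken from the rc.conf netmask); `audit_routes` and the sample string are hypothetical names built for this illustration.

```python
import ipaddress
import re

# Constructed sample: the routing-relevant lines of the server.conf quoted above.
SERVER_CONF = '''
local 192.168.46.2
dev tap
server 192.168.47.0 255.255.255.0
#push "route 192.168.46.254 255.255.255.0"
push "route 192.168.47.0 255.255.255.0"
'''

SERVER = re.compile(r'^server\s+(\S+)\s+(\S+)')
PUSH_ROUTE = re.compile(r'^push\s+"route\s+(\S+)\s+(\S+)"')

def audit_routes(conf, wanted):
    """Return (findings, missing): notes on pushed routes, and the wanted
    networks that no pushed route covers."""
    findings, pushed, pool = [], [], None
    for raw in conf.splitlines():
        line = raw.split('#', 1)[0].strip()      # ignore comments
        m = SERVER.match(line)
        if m:
            pool = ipaddress.ip_network('/'.join(m.groups()), strict=False)
            continue
        m = PUSH_ROUTE.match(line)
        if not m:
            continue
        addr, mask = m.groups()
        net = ipaddress.ip_network(f'{addr}/{mask}', strict=False)
        if str(net.network_address) != addr:
            findings.append(f'{addr} {mask}: host bits set, network is {net}')
        if net == pool:
            findings.append(f'{net}: same as the tunnel pool')
        pushed.append(net)
    missing = [str(w) for w in map(ipaddress.ip_network, wanted)
               if not any(w.subnet_of(p) for p in pushed)]
    return findings, missing

if __name__ == '__main__':
    # Assumption: the LAN behind the server is 192.168.46.0/24 (from the
    # rc.conf netmask); 192.168.45.0/24 is the second network mentioned.
    findings, missing = audit_routes(
        SERVER_CONF, ['192.168.46.0/24', '192.168.45.0/24'])
    for f in findings:
        print('note:', f)
    for m in missing:
        print('no pushed route covers', m)
```

A pushed route only gives the client a path toward a network; hosts on that network still need a return path to 192.168.47.0/24 (a route or NAT on the server) for replies to arrive.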