Re: Source routing howto

2016-03-09 Thread Ian Smith
On Wed, 9 Mar 2016 14:40:16 +0100, el...@sentor.se wrote: > On Wed, 9 Mar 2016, Jan Bramkamp wrote: [..] > > I would avoid policies based on IP addresses and prefer to define policies > > based on (pseudo-) interfaces e.g. route (and nat?) traffic from vlan123 > > through the VPN tunnel. > >

Re: Source routing howto

2016-03-09 Thread Vladimir Terziev
Don't forget, your router B should return back to router A (the FreeBSD box) all packets destinated to 10.10.10.0/24 . Regards, Vladimir On Mar 9, 2016, at 4:26 PM, el...@sentor.se wrote: > Intrersting! > Unfortunetly I can't test right now. Will let you know. > > If I understand correctly,

Re: Source routing howto

2016-03-09 Thread elof2
Ah! Yep, that boot option exist in 10.1 as well. :-) Now I have two approaches to test. Thanks! /Elof On Wed, 9 Mar 2016, Jan Bramkamp wrote: On 09/03/16 15:26, el...@sentor.se wrote: Regarding the FIBs: In FreeBSD 10.1 RELEASE, no extra FIBs can be added since that kernel is compiled wit

Re: Source routing howto

2016-03-09 Thread Jan Bramkamp
On 09/03/16 15:26, el...@sentor.se wrote: Regarding the FIBs: In FreeBSD 10.1 RELEASE, no extra FIBs can be added since that kernel is compiled without support for it. :-( I'm hesitant to break binary compability (I use freebsd-update). Will release 10.3 or 11.0 have "options ROUTETABLES=2" in

Re: Source routing howto

2016-03-09 Thread elof2
Intrersting! Unfortunetly I can't test right now. Will let you know. If I understand correctly, the 'ipfw fwd approach' don't use any FIBs, so it should be applicable to the *outgoing* traffic. Regarding the FIBs: In FreeBSD 10.1 RELEASE, no extra FIBs can be added since that kernel is com

Re: Source routing howto

2016-03-09 Thread Vladimir Terziev
Hi, would this rule to the trick for what you need ? ipfw add fwd Routed_B_IP ip from 10.10.10.0/24 to not 10.0.0.0/8 Regards, Vladimir On Mar 9, 2016, at 3:40 PM, wrote: > > On Wed, 9 Mar 2016, Jan Bramkamp wrote: >> On 09/03/16 11:29, el...@sentor.se wrote: >>> I've been searching the

Re: Source routing howto

2016-03-09 Thread elof2
On Wed, 9 Mar 2016, Jan Bramkamp wrote: On 09/03/16 11:29, el...@sentor.se wrote: I've been searching the internet but can't find any good documentation/examples on how to setup source routing in my FreeBSD. What I want to do: Let internet clients connect their OpenVPN to a FreeBSD box. The c

Re: Source routing howto

2016-03-09 Thread Jan Bramkamp
On 09/03/16 11:29, el...@sentor.se wrote: Hi all! I've been searching the internet but can't find any good documentation/examples on how to setup source routing in my FreeBSD. What I want to do: Let internet clients connect their OpenVPN to a FreeBSD box. The client's internet traffic should