route-to rule.

Stephane Raimbault segr at
Tue Jan 25 12:04:09 PST 2005

Hi chris,

Thanks for all your help btw :)

Okay, so I have my vpn routes and default routes set up already.... so I 
tried the config earlier today without the tun interfaces you suggested 
yesterday... and sure enough, once I put that in, I couldn't do dns 
lookups... I hadn't noticed it this morning cuz I only looked up already 
cached dns queries.  So something in this configuration is stopping dns 
(possibly udp?) packets?  The pf box seems to respond from the wan 
interfaces just fine and people are able to surf to sites previously cached 
in dns.

This has become a bit of a head scratcher.  Also, pinging the and LAN's stop once I put in the configuration you suggested, or 
even with the tun interfaces in the configuration it stops pinging.

So somewhere we are going awry.

Any thoughts?


>From: "Chris Dionissopoulos" <dionch at>
>Reply-To: "Chris Dionissopoulos" <dionch at>
>To: "Stephane Raimbault" <segr at>, <freebsd-pf at>
>Subject: Re: route-to rule.
>Date: Tue, 25 Jan 2005 20:43:09 +0200
>For vpn problem:
>Is routing already set in both sides?
>route add <tun0_other_peer_IP>
>Other vpn end:
>route add <tun0_pf_box_IP>
>For DNS problem:
>You have to decide which gateway pf-box will use
>as default for own connections (default gateway is missing).
>route add default <gw1> |<gw2> maybe solves it.
>----- Original Message ----- From: "Stephane Raimbault" <segr at>
>To: <dionch at>; <freebsd-pf at>
>Sent: Tuesday, January 25, 2005 8:17 PM
>Subject: Re: route-to rule.
>>Well this is odd.. I gave this a try... and the tun interface wasn't able 
>>to pass traffic between the 2 lan's
>> is the remote lan, and is the local lan.
>>and dns stopped working for the local lan... I have a caching dns server 
>>configured on the pf box, and even that couldn't resolve anything despite 
>>still having good network connections to the 2 wan's
>>Any idea what's missing?
