route-to rule.

Stephane Raimbault segr at hotmail.com
Tue Jan 25 12:04:09 PST 2005


Hi Chris,

Thanks for all your help btw :)

Okay, so I have my vpn routes and default routes set up already.... so I
tried the config earlier today without the tun interfaces you suggested
yesterday... and sure enough, once I put that in, I couldn't do dns
lookups... I hadn't noticed it this morning cuz I only looked up already
cached dns queries.  So something in this configuration is stopping dns
(possibly udp?) packets?  The pf box seems to respond from the wan
interfaces just fine and people are able to surf to sites previously cached
in dns.

This has become a bit of a head scratcher.  Also, pinging the 10.1.0.0/24 and
10.0.0.0/26 LANs stops once I put in the configuration you suggested, or
even with the tun interfaces in the configuration it stops pinging.

So somewhere we are going awry.

Any thoughts?

Thanks,
Stephane.

>From: "Chris Dionissopoulos" <dionch at freemail.gr>
>Reply-To: "Chris Dionissopoulos" <dionch at freemail.gr>
>To: "Stephane Raimbault" <segr at hotmail.com>, <freebsd-pf at freebsd.org>
>Subject: Re: route-to rule.
>Date: Tue, 25 Jan 2005 20:43:09 +0200
>
>Hi,
>
>For vpn problem:
>Is routing already set in both sides?
>
>pf-box:
>route add 10.0.0.0/26 <tun0_other_peer_IP>
>
>Other vpn end:
>route add 10.0.1.0/24 <tun0_pf_box_IP>
>
>
>For DNS problem:
>You have to decide which gateway pf-box will use
>as default for own connections (default gateway is missing).
>route add default <gw1> |<gw2> maybe solves it.
>
>Chris.
>
>
>
>----- Original Message ----- From: "Stephane Raimbault" <segr at hotmail.com>
>To: <dionch at freemail.gr>; <freebsd-pf at freebsd.org>
>Sent: Tuesday, January 25, 2005 8:17 PM
>Subject: Re: route-to rule.
>
>
>>Well this is odd.. I gave this a try... and the tun interface wasn't able
>>to pass traffic between the 2 LANs
>>
>>10.0.0.0/26 is the remote lan, and 10.1.0.0/24 is the local lan.
>>
>>and dns stopped working for the local lan... I have a caching dns server
>>configured on the pf box, and even that couldn't resolve anything despite
>>still having good network connections to the 2 WANs
>>
>>Any idea what's missing?
>>
>>Thanks,
>>Stephane.
>>
>
>
