OpenVPN routing

Nathan Vidican nathan at vidican.com
Tue Apr 26 13:32:46 UTC 2011


On Mon, Apr 25, 2011 at 10:36 PM, Ryan Coleman <ryan.coleman at cwis.biz> wrote:
>
> I've got an OpenVPN connection working to my remote server, but I want to route the traffic to the local LAN.
>
> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine.
>
> Server.conf:
> local 192.168.46.2
> port 1194
> proto udp
> dev tap
> ca keys/cacert.pem
> cert keys/server.crt
> key keys/server.key # This file should be kept secret
> dh keys/dh1024.pem
> # Don't put this in the keys directory unless user nobody can read it
> crl-verify keys/crl.pem
> #Make sure this is your tunnel address pool
> server 192.168.47.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> #This is the route to push to the client, add more if necessary
> #push "route 192.168.46.254 255.255.255.0"
> push "route 192.168.47.0 255.255.255.0"
> push "dhcp-option DNS 192.168.45.10"
> keepalive 10 120
> cipher BF-CBC #Blowfish encryption
> comp-lzo
> #fragment
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> verb 6
> mute 5
>
>
> client.conf:
> #Begin client.conf
> client
> dev tap
> proto udp
> remote sub.domain.ltd 1194
> nobind
> user nobody
> group nobody
> persist-key
> persist-tun
> #crl-verify
> #remote-cert-tls server
> ca keys/cacert.pem
> cert keys/ryanc.crt
> key keys/ryanc.key
> cipher BF-CBC
> comp-lzo
> verb 3
> mute 20
>
> Any ideas?  As I said, I can talk to the remote server, but not the local LAN.
>
> To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 - which we have another VPN connecting the two networks (not running on a VPN I can do much with).
>
>
> Thanks,
> Ryan


Do you have packet forwarding (routing/gateway) enabled? An
all-important, yet sometimes forgotten step...
Check if:

   sysctl net.inet.ip.forwarding

returns 1 for enabled or not. You can enable it right away by setting
to 1, and/or view the instructions in the handbook for greater detail
including how to set as a startup option as well:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

--
Nathan Vidican
nathan at vidican.com
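As an added example (not from this thread, and not OpenVPN's or FreeBSD's own tooling), the script below audits the three things Ryan's setup depends on before a client can reach the LAN behind the server: whether a pushed route covers the LAN, whether the server is in routed or bridged mode, and whether IP forwarding is on. The server.conf excerpt is constructed from the quoted config, the LAN 192.168.46.0/24 is inferred from the em1 address, and the sysctl output line is constructed.

```python
import ipaddress

# Constructed excerpt of the quoted server.conf (comments and quoting as posted)
SERVER_CONF = """\
local 192.168.46.2
dev tap
server 192.168.47.0 255.255.255.0
#push "route 192.168.46.254 255.255.255.0"
push "route 192.168.47.0 255.255.255.0"
"""

def parse_conf(text):
    """Return (directive, args) pairs; '#' comments and blank lines are dropped."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.replace('"', "").split()
            entries.append((parts[0], parts[1:]))
    return entries

def audit(conf_text, lan_cidr, forwarding_sysctl):
    """List reasons a VPN client could reach the server but not the LAN.

    forwarding_sysctl is the output line of 'sysctl net.inet.ip.forwarding'.
    """
    findings = []
    entries = parse_conf(conf_text)
    names = {d for d, _ in entries}
    lan = ipaddress.ip_network(lan_cidr)
    routes = []
    for d, args in entries:
        if d == "push" and args[:1] == ["route"] and len(args) >= 3:
            try:  # strict: a route must name the network, not a host in it
                routes.append(ipaddress.ip_network(f"{args[1]}/{args[2]}"))
            except ValueError:
                findings.append(f"pushed route {args[1]}/{args[2]} has host bits set; use the network address")
    if "server" in names and "server-bridge" not in names:
        findings.append("'server' hands clients their own pool; bridging into the LAN uses 'server-bridge' with LAN addresses")
    if not any(lan.subnet_of(r) for r in routes):
        findings.append(f"no pushed route covers {lan}; clients have no route to it")
    if forwarding_sysctl.split(":")[-1].strip() != "1":
        findings.append('net.inet.ip.forwarding is not 1; set it with sysctl and gateway_enable="YES" in rc.conf')
    return findings

if __name__ == "__main__":
    for f in audit(SERVER_CONF, "192.168.46.0/24", "net.inet.ip.forwarding: 0"):
        print("-", f)
```

Even with all three findings cleared, LAN hosts still need a return route for 192.168.47.0/24 via the VPN server (or NAT on the server), which a config audit alone cannot see.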

