OpenVPN routing

Ryan Coleman editor at d3photography.com
Tue Apr 26 23:15:24 UTC 2011 

On Apr 26, 2011, at 3:50 PM, Ryan Coleman wrote:

> On Apr 26, 2011, at 9:53 AM, Maciej Milewski wrote:
> 
>> On Tuesday 26 of April 2011 15:45:22, Ryan Coleman wrote:
>>> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) 
>> from the remote machine.
>> ...
>>> push "route 192.168.47.0 255.255.255.0"
>> 
>> Have you tried adding the route to 192.168.46.0/24 subnet into the vpn client?
>> 
>> You want to ping the host/interface on different subnet. If you don't set the 
>> routing to this subnet how your client should know that he needs to put that 
>> packet through tap interface not defaultroute which I suspect is different? 
>> 
>> Can you show the output of netstat -rn of the vpn client?
>> 
>> You may try to look into tcpdump on the vpn router to find what is going with 
>> your packets.And for such scenario like vpnclient->vpnserver->network you may 
>> even not need nat just simple routing will be enough as long as you set it up 
>> on right.
>> 
>> My setup is based on tun interfaces and works like a charm. I don't use nat 
>> and I only added routing info to the specific routers in the internal 
>> networks.
>> 
>> Maciej Milewski
> 
> I'm going to have to get this information when I get home and am not on the office LAN. I can do ping tests specifically through the tap0 interface but not check the netstat report properly from inside the network.
Maciej,

Here you go: 

Ryan-Colemans-MacBook-Pro:~ ryanjcole$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.0.1.1           UGSc           61        0     en1
10.0.1/24          link#5             UCS             3        0     en1
10.0.1.1           0:23:12:f7:37:cc   UHLWI          89     1268     en1   1142
10.0.1.2           0:14:d1:1f:79:1b   UHLWI           0      837     en1    183
10.0.1.198         127.0.0.1          UHS             0        0     lo0
10.0.1.255         ff:ff:ff:ff:ff:ff  UHLWbI          0        6     en1
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              2       75     lo0
169.254            link#5             UCS             0        0     en1
172.16.87/24       link#7             UC              1        0  vmnet1
172.16.87.255      ff:ff:ff:ff:ff:ff  UHLWbI          0        3  vmnet1
192.168.46         192.168.47.2       UGSc            0        0    tap0
192.168.47         link#10            UC              1        0    tap0
192.168.47.2       link#10            UHLWI           1        0    tap0

Internet6:
Destination                             Gateway                         Flags         Netif Expire
::1                                     ::1                             UH              lo0
fe80::%lo0/64                           fe80::1%lo0                     Uc              lo0
fe80::1%lo0                             link#1                          UHL             lo0
fe80::%en1/64                           link#5                          UC              en1
fe80::224:36ff:fea1:1d68%en1            0:24:36:a1:1d:68                UHLW            en1
fe80::9227:e4ff:fef8:b2fb%en1           90:27:e4:f8:b2:fb               UHL             lo0
ff01::/32                               ::1                             Um              lo0
ff02::/32                               ::1                             UmC             lo0
ff02::/32                               link#5                          UmC             en1

Ryan-Colemans-MacBook-Pro:~ ryanjcole$ ping 192.168.46.2
PING 192.168.46.2 (192.168.46.2): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2

More information about the freebsd-questions mailing list