On Mon, Apr 25, 2011 at 10:36 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>
> I've got an OpenVPN connection working to my remote server, but I want to
> route the traffic to the local LAN.
>
> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2)
> from the remote machine.
>
> Server.conf:
> local 192.168.46.2
> port 1194
> proto udp
> dev tap
> ca keys/cacert.pem
> cert keys/server.crt
> key keys/server.key # This file should be kept secret
> dh keys/dh1024.pem
> # Don't put this in the keys directory unless user nobody can read it
> crl-verify keys/crl.pem
> #Make sure this is your tunnel address pool
> server 192.168.47.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> #This is the route to push to the client, add more if necessary
> #push "route 192.168.46.254 255.255.255.0"
> push "route 192.168.47.0 255.255.255.0"
> push "dhcp-option DNS 192.168.45.10"
> keepalive 10 120
> cipher BF-CBC #Blowfish encryption
> comp-lzo
> #fragment
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> verb 6
> mute 5
>
>
> client.conf:
> #Begin client.conf
> client
> dev tap
> proto udp
> remote sub.domain.ltd 1194
> nobind
> user nobody
> group nobody
> persist-key
> persist-tun
> #crl-verify
> #remote-cert-tls server
> ca keys/cacert.pem
> cert keys/ryanc.crt
> key keys/ryanc.key
> cipher BF-CBC
> comp-lzo
> verb 3
> mute 20
>
> Any ideas? As I said, I can talk to the remote server, but not the local LAN.
>
> To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 -
> which we have another VPN connecting the two networks (not running on a VPN I
> can do much with).
>
>
> Thanks,
> Ryan
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Do you have packet forwarding (routing/gateway) enabled? An all-important,
yet sometimes forgotten step... check if:

sysctl net.inet.ip.forwarding

returns 1 for enabled or not. You can enable it right away by setting to 1,
and/or view the instructions in the handbook for greater detail including how
to set as a startup option as well:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

--
Nathan Vidican
nat...@vidican.com
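
Added example, not part of the original thread: a small sh check that compares the runtime value of net.inet.ip.forwarding with the boot-time gateway_enable setting in /etc/rc.conf, so a forwarding change made with sysctl is not silently lost at reboot. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare runtime and boot-time IP forwarding state on FreeBSD.

# rc_gateway_enabled FILE
# Prints "yes" if the last uncommented gateway_enable= line in FILE is a
# true value (rc.conf is a shell fragment, so the last assignment wins).
rc_gateway_enabled() {
    val=$(grep -E '^[[:space:]]*gateway_enable=' "$1" 2>/dev/null \
        | tail -n 1 | cut -d= -f2 | sed 's/#.*//' | tr -d "\"' \t")
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) echo yes ;;
        *) echo no ;;
    esac
}

# forwarding_report RUNTIME_VALUE RC_FILE
# RUNTIME_VALUE is the output of `sysctl -n net.inet.ip.forwarding`.
forwarding_report() {
    boot=$(rc_gateway_enabled "$2")
    case "$1:$boot" in
        1:yes) echo "forwarding on now and at boot" ;;
        1:no)  echo "forwarding on now, lost at reboot" ;;
        0:yes) echo "forwarding off now, on after reboot" ;;
        *)     echo "forwarding off" ;;
    esac
}

if [ "$(uname -s)" = "FreeBSD" ]; then
    # Live check on the OpenVPN server itself.
    forwarding_report "$(sysctl -n net.inet.ip.forwarding)" /etc/rc.conf
else
    # Constructed sample for other hosts: runtime on, no rc.conf entry.
    sample=$(mktemp)
    printf 'hostname="vpn-gw"\n' > "$sample"
    forwarding_report 1 "$sample"
    rm -f "$sample"
fi
```

Forwarding turns the VPN server into a router between the tunnel pool and the LAN, so the "on now and at boot" state should be a deliberate choice backed by firewall rules rather than a leftover from testing.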