Re: VPN - almost got it
On 09/13/2017 01:54 PM, Andy Ruhl wrote:
> On Wed, Sep 13, 2017 at 8:59 AM, D'Arcy Cain wrote:
>> ifconfig tun0 create
>> ifconfig tun0 10.0.0.1 10.0.0.2 netmask 0xfffc
>> route add 10.0.0.2/32 10.0.0.1 # should this be necessary?
>> route add 192.168.215.0/24 10.0.0.2
>>
>> On the internal machine I do this:
>>
>> ifconfig tun0 create
>> ifconfig tun0 10.0.0.2 10.0.0.1 netmask 0xfffc
>> route add 10.0.0.1/32 10.0.0.2 # should this be necessary?
>> route add 192.168.0.0/24 10.0.0.1
>> /usr/bin/ssh -f -w 0:0 queen.vex.net true
>
> Those static routes shouldn't be necessary, the 2 tun interfaces are in
> the same subnet so no routing is needed.

Thanks. I only added them as an experiment.

> Sorry, can't help with the rest, I haven't done this in NetBSD.

That's OK. I figured it out. The machine doing the VPN was not the gateway. I just had to add a route on the gateway back to the VPN machine for that subnet.

Thanks.

-- 
D'Arcy J.M. Cain
http://www.NetBSD.org/ IM:da...@vex.net

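The fix described in the message above, modelled as an added example that is not part of the thread: a small Python routing-table simulation showing why replies from the 0 network were lost until the gateway got a route back to the VPN machine. Only 192.168.0.57, 10.0.0.1, 10.0.0.2 and the two /24 networks come from the thread; every other address, the node names, and the assumption that the internal VPN machine is the default gateway on the 215 side are constructed.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, hop) pairs; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def build_nodes():
    # Constructed topology. From the thread: 192.168.0.57, 10.0.0.1/10.0.0.2 and
    # both /24s. Assumed: every other address, and that the internal VPN box is
    # the default gateway of the 215 network.
    return {
        "host0":   {"addrs": {"192.168.0.20"},
                    "routes": [("192.168.0.0/24", "direct"), ("0.0.0.0/0", "192.168.0.1")]},
        "gw0":     {"addrs": {"192.168.0.1"},
                    "routes": [("192.168.0.0/24", "direct"), ("0.0.0.0/0", "upstream")]},
        "vpn_pub": {"addrs": {"192.168.0.57", "10.0.0.1"},
                    "routes": [("192.168.0.0/24", "direct"), ("192.168.215.0/24", "10.0.0.2"),
                               ("0.0.0.0/0", "upstream")]},
        "vpn_int": {"addrs": {"192.168.215.1", "10.0.0.2"},
                    "routes": [("192.168.215.0/24", "direct"), ("192.168.0.0/24", "10.0.0.1")]},
        "host215": {"addrs": {"192.168.215.30"},
                    "routes": [("192.168.215.0/24", "direct"), ("0.0.0.0/0", "192.168.215.1")]},
    }

def owner(nodes, ip):
    """Name of the node that holds address `ip`, or None (e.g. for "upstream")."""
    return next((n for n, d in nodes.items() if ip in d["addrs"]), None)

def trace(nodes, start, dst, max_hops=8):
    """Follow routing decisions from node `start` toward `dst`; return the path."""
    path, node = [start], start
    for _ in range(max_hops):
        if dst in nodes[node]["addrs"]:
            return path
        hop = next_hop(nodes[node]["routes"], dst)
        node = owner(nodes, dst if hop == "direct" else hop) if hop else None
        if node is None:  # no route, or handed to "upstream": packet never arrives
            return path + ["LOST"]
        path.append(node)
    return path + ["LOOP"]

def add_gateway_route(nodes):
    # The fix from the thread: the gateway sends 192.168.215.0/24 to the VPN machine.
    nodes["gw0"]["routes"].append(("192.168.215.0/24", "192.168.0.57"))
    return nodes
```

In this model the request from the 215 side always arrives; only the reply path through the gateway changes, which matches the symptom that 192.168.0.57 itself was reachable while its neighbours were not.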
Re: VPN - almost got it
On Wed, Sep 13, 2017 at 8:59 AM, D'Arcy Cain wrote:
> ifconfig tun0 create
> ifconfig tun0 10.0.0.1 10.0.0.2 netmask 0xfffc
> route add 10.0.0.2/32 10.0.0.1 # should this be necessary?
> route add 192.168.215.0/24 10.0.0.2
>
> On the internal machine I do this:
>
> ifconfig tun0 create
> ifconfig tun0 10.0.0.2 10.0.0.1 netmask 0xfffc
> route add 10.0.0.1/32 10.0.0.2 # should this be necessary?
> route add 192.168.0.0/24 10.0.0.1
> /usr/bin/ssh -f -w 0:0 queen.vex.net true

Those static routes shouldn't be necessary, the 2 tun interfaces are in the same subnet so no routing is needed.

Sorry, can't help with the rest, I haven't done this in NetBSD.

Andy

Re: VPN - almost got it
"D'Arcy Cain" wrote:
=> I am trying to set up a VPN between two NetBSD boxes, one of which has a
=> public address. Here is what I do on the public machine in rc.local:
=>
=> ifconfig tun0 create
=> ifconfig tun0 10.0.0.1 10.0.0.2 netmask 0xfffc
=> route add 10.0.0.2/32 10.0.0.1 # should this be necessary?
=> route add 192.168.215.0/24 10.0.0.2
=>
=> On the internal machine I do this:
=>
=> ifconfig tun0 create
=> ifconfig tun0 10.0.0.2 10.0.0.1 netmask 0xfffc
=> route add 10.0.0.1/32 10.0.0.2 # should this be necessary?
=> route add 192.168.0.0/24 10.0.0.1
=> /usr/bin/ssh -f -w 0:0 queen.vex.net true
=>
=> The IP address of the first machine is 192.168.0.57 and I can get there
=> fine from any machine in the 215 network. However I can't get to any
=> other machine on the 0 side. Both machines show "net.inet.ip.forwarding
=> = 1". Am I missing something else?

Do the other machines on the 0 side have a route through their tunnel endpoint machine?

Gary Duzan

VPN - almost got it
I am trying to set up a VPN between two NetBSD boxes, one of which has a public address. Here is what I do on the public machine in rc.local:

ifconfig tun0 create
ifconfig tun0 10.0.0.1 10.0.0.2 netmask 0xfffc
route add 10.0.0.2/32 10.0.0.1 # should this be necessary?
route add 192.168.215.0/24 10.0.0.2

On the internal machine I do this:

ifconfig tun0 create
ifconfig tun0 10.0.0.2 10.0.0.1 netmask 0xfffc
route add 10.0.0.1/32 10.0.0.2 # should this be necessary?
route add 192.168.0.0/24 10.0.0.1
/usr/bin/ssh -f -w 0:0 queen.vex.net true

The IP address of the first machine is 192.168.0.57 and I can get there fine from any machine in the 215 network. However I can't get to any other machine on the 0 side. Both machines show "net.inet.ip.forwarding = 1". Am I missing something else?

Cheers.

-- 
D'Arcy J.M. Cain
http://www.NetBSD.org/ IM:da...@vex.net