[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SOLVED: stupid VPN problem
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: SOLVED: stupid VPN problem
- From: Toni Mueller <openbsd-misc_(_at_)_oeko_(_dot_)_net>
- Date: Sat, 8 May 2004 20:59:37 +0200
On Thu, 06.05.2004 at 13:29:19 +0300, yo2lux <lux_(_at_)_wplink_(_dot_)_net> wrote:
> net.inet.ip.forwarding enabled in /etc/sysctl.conf ?
an updated scenario is here, with better illustration:
The problem looks like there is no way for a packet from outside the
VPN gateway to enter the tunnel, only to leave it once it's inside the
tunnel. This is illustrated in the debug sessions contained in the
The solution was to manually add routes like this:
route add -net 192.168.1.0 -netmask 255.255.255.0 10.1.0.12
and vice versa on west. Please note that the gateway address for this
route is the address of the outgoing physical interface. So, contrary
to my previous impression, routing to a tunnel is _not_ automatic, but
needs to be set up manually (why?). If I had had a default route, I
would not have seen the problem.
Btw, I re-installed from official CDs in the meantime, but behaviour
was unchanged despite some (minor?) differences in some binaries...
Thanks to all who helped (one of you also suggested setting up manual
Visit your host, monkey.org