SOLVED: stupid VPN problem
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: SOLVED: stupid VPN problem
- From: Toni Mueller <openbsd-misc_(_at_)_oeko_(_dot_)_net>
- Date: Sat, 8 May 2004 20:59:37 +0200
Hello,
On Thu, 06.05.2004 at 13:29:19 +0300, yo2lux <lux_(_at_)_wplink_(_dot_)_net> wrote:
> net.inet.ip.forwarding enabled in /etc/sysctl.conf ?
Yes.
An updated scenario is here, with better illustration:
http://www.oeko.net/download/vpn.2.tar.gz
The problem looks like there is no way for a packet from outside the
VPN gateway to enter the tunnel, only to leave it once it's inside the
tunnel. This is illustrated in the debug sessions contained in the
archives above.
The solution was to manually add routes like this:
On east:
route add -net 192.168.1.0 -netmask 255.255.255.0 10.1.0.12
and vice versa on west. Please note that the gateway address for this
route is the address of the outgoing physical interface. So, contrary
to my previous impression, routing to a tunnel is _not_ automatic, but
needs to be set up manually (why?). If I had had a default route, I
would not have seen the problem.
Btw, I re-installed from official CDs in the meantime, but behaviour
was unchanged despite some (minor?) differences in some binaries...
Thanks to all who helped (one of you also suggested setting up manual
routing).
Best,
--Toni++
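
The behaviour described in the message above, as an added example that is not part of the original post: a simplified Python model of a forwarding gateway that, by assumption, looks up a route for the destination before it consults the IPsec flows. The 192.168.1.0/24 route via 10.1.0.12 is the one from the post; the /24 mask on the 10.1.0.0 network, the 192.168.2.0/24 local LAN, the default gateway 10.1.0.1 and all function names are constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns (network, gateway) or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in table
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def forward(table, flows, src, dst):
    """Assumed order of checks: route lookup first, IPsec flow match second."""
    if lookup(table, dst) is None:
        # Without any matching route the packet never reaches the flow check.
        return "dropped: no route to host"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for flow_src, flow_dst in flows:
        if s in ipaddress.ip_network(flow_src) and d in ipaddress.ip_network(flow_dst):
            return "encapsulated: sent through tunnel"
    return "forwarded in the clear"

# Constructed routing table for "east": only directly connected networks.
BASE = [("10.1.0.0/24", "link"), ("192.168.2.0/24", "link")]
# Constructed IPsec flow: east's LAN to west's LAN.
FLOWS = [("192.168.2.0/24", "192.168.1.0/24")]
# The manual route from the post: gateway is east's own outgoing interface.
WITH_ROUTE = BASE + [("192.168.1.0/24", "10.1.0.12")]
# Alternative mentioned in the post: a default route (gateway constructed).
WITH_DEFAULT = BASE + [("0.0.0.0/0", "10.1.0.1")]

def scenarios():
    """Return the forwarding decision for a LAN host in each table variant."""
    src, dst = "192.168.2.10", "192.168.1.10"
    return {
        "no route": forward(BASE, FLOWS, src, dst),
        "manual route": forward(WITH_ROUTE, FLOWS, src, dst),
        "default route": forward(WITH_DEFAULT, FLOWS, src, dst),
        "non-tunnel dst": forward(BASE, FLOWS, src, "10.1.0.50"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:15s} -> {result}")
```

In this model the gateway address of the matching route is irrelevant once a flow matches; the route only has to exist, which is why either the manual route or a default route makes the traffic enter the tunnel.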