Re: FreeBSD routing problem
> From: hrkesh sahu
> Date: Thu, 3 Oct 2013 19:09:02 +0530
> To: "Julian H. Stacey"
> Cc: Polytropon, FreeBSD questions

Hi,
No idea why it was To: me.

> Content-Type: text/html; charset=windows-1252
> Content-Transfer-Encoding: quoted-printable

I dislike MS & windows & quoted-printable,

> Content-Type: application/msword; name="1.5.VendorD.Topology.doc"
> Content-Disposition: attachment; filename="1.5.VendorD.Topology.doc"

MS excrement not accepted.
http://www.berklix.com/~jhs/std/no_ms_format.txt

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Reply below not above, like a play script. Indent old text with "> ".
Send plain text. No quoted-printable, HTML, base64, multipart/alternative.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
FreeBSD routing problem
Hi All,

I am facing a routing issue for the Interoperability 1.5 topology. Please find attached the exact topology map.

As per the test setup:

- Configured REF-Router2 NOT to transmit Router Advertisements on Network1. But REF-Router2 is able to transmit Router Advertisements on Network2 with 2001:db8::3::/64.
- Configured a static route on TAR-RouterD (Ubuntu) indicating REF-Router2's link-local address as the next hop for Network2.
- But REF-Router is not able to route between Network1 and Network2. Due to this, an ICMPv6 Echo Request from TAR-Router to the global address of REF-Host2 is not working. There is no reply for this ICMPv6 request.
- Same when I try to transmit an ICMPv6 Echo Request from REF-HOST2 to the global address of TAR-HOST1 (prefix of TAR-RouterD): no ICMPv6 reply.
- Within Network1, nodes are able to communicate. But when I try to communicate with Network2 from Network1, it is not working.

Could you please tell me if I am missing something to route the traffic on REF-Router? I suspect, as there is no Router Advertisement on Interface1 of the REF-Router, it is not able to route the traffic between the interfaces.

Please help me to find the solution.

Regards
Re: openvpn routing
> This freebsd server in an internal lan server, IP 192.168.1.254.
> 192.168.1.212 is gateway on internet.
[...]

tap --> tun solved :-)

Pol
openvpn routing
Hi all :-)

This FreeBSD server is an internal LAN server, IP 192.168.1.254. 192.168.1.212 is the gateway to the internet.
I've an easy config:

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.212      UGS         0    31807    em0
10.20.10.0/24      10.20.10.2         UGS         0        0   tun0
10.20.10.1         link#5             UHS         0        0    lo0
10.20.10.2         link#5             UH          0        0   tun0
127.0.0.1          link#4             UH          0     3478    lo0
192.168.1.0/24     link#2             U           0    46116    em0
192.168.1.254      link#2             UHS         0        0    lo0

ifconfig:

em0: flags=8843 metric 0 mtu 1500
        inet 192.168.1.254 netmask 0xff00 broadcast 192.168.1.255
lo0: flags=8049 metric 0 mtu 16384
[...]
tun0: flags=8051 metric 0 mtu 1500
        inet 10.20.10.1 --> 10.20.10.2 netmask 0x

Problem is: 10.20.10.2 is a gateway? why?

On clients I've this error:

OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Tue Jul 16 19:28:30 2013 us=860975 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.20.10.0
Tue Jul 16 19:28:30 2013 us=861091 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options

openvpn server config:

port XXX
proto udp
dev tun
;dev-node tap0
ca /usr/local/etc/openvpn/XX.crt
cert /usr/local/etc/openvpn/XX.crt
key /usr/local/etc/openvpn/XX.key
dh /usr/local/etc/openvpn/dh2048.pem
server 10.20.10.0 255.255.255.0
push "route 10.20.10.0 255.255.255.0"
ifconfig-pool-persist /usr/local/etc/openvpn/ipp.txt 0
;duplicate-cn
keepalive 10 120
;cipher BF-CBC        # Blowfish (default)
;cipher AES-256-CBC   # AES
cipher DES-EDE3-CBC   # Triple-DES
comp-lzo
user nobody
group nobody
persist-key
persist-tun
;status /var/log/openvpn-status.log
;log-append /var/log/openvpn.log
verb 10
mute 20
client-to-client
client-config-dir ccd "route 10.20.10.1 255.255.255.0"
ping-restart 0
tls-auth /usr/local/etc/openvpn/ta.key 0
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so login
#tmp-dir /dev/shm

Almost the same config on a Linux OpenVPN server runs. It's the server that creates the correct route. But on FreeBSD I've got 10.20.10.2 as automatic gw.

Any idea?

thanks!
Pol
Re: routing issues to freebsd.org
Hi,

On Mon, 8 Jul 2013 08:01:09 -0400 staticsafe wrote:

> On Mon, Jul 08, 2013 at 09:57:59AM +0100, Paul Macdonald wrote:
> >
> > On doing some updates this morning, am seeing a routing issue beyond
> > bgp1-ext.ysv.freebsd.org...
> >
> > Updating Index
> > fetch: http://www.FreeBSD.org/ports/INDEX-9.bz2: No route to host
> >
> > www.freebsd.org.         513    IN CNAME wfe0.ysv.freebsd.org.
> > wfe0.ysv.freebsd.org.    1690   IN A     8.8.178.110
> >
> Perhaps an issue on your end (probably on the reverse route)?

it was the same story in Indonesia.

Erich

> Traces look fine from multiple networks:
> http://sprunge.us/JFeS
Re: routing issues to freebsd.org
Paul Macdonald wrote:
> On doing some updates this morning, am seeing a routing issue beyond
> bgp1-ext.ysv.freebsd.org...
>
> Updating Index
> fetch: http://www.FreeBSD.org/ports/INDEX-9.bz2: No route to host
>
> www.freebsd.org.         513    IN CNAME wfe0.ysv.freebsd.org.
> wfe0.ysv.freebsd.org.    1690   IN A     8.8.178.110
>
> traceroute to 8.8.178.110 (8.8.178.110), 64 hops max, 52 byte packets
>  1  --  0.528 ms  0.462 ms  0.428 ms
>  2  490.net2.north.dc5.as20860.net (62.233.127.210)  0.267 ms  0.263 ms  0.263 ms
>  3  593.core1.thn.as20860.net (62.233.127.173)  111.922 ms  49.373 ms  1.125 ms
>  4  ae3-309.lon11.ip4.tinet.net (77.67.74.101)  1.080 ms  1.181 ms  1.081 ms
>  5  xe-9-1-0.sjc10.ip4.tinet.net (89.149.184.53)  145.580 ms  145.746 ms
>     xe-8-1-0.sjc10.ip4.tinet.net (89.149.183.17)  145.216 ms
>  6  213.200.66.238 (213.200.66.238)  145.702 ms  188.823 ms
>     ge-0-3-9.pat1.sjc.yahoo.com (216.115.96.10)  219.331 ms
>  7  bgp1-ext.ysv.freebsd.org (216.115.101.227)  146.013 ms  146.385 ms
>     ae-5.pat2.sjc.yahoo.com (216.115.105.19)  145.653 ms
>  8  * * bgp1-ext.ysv.freebsd.org (216.115.101.227)  146.519 ms
>  9  * * *
> 10  * * *
> 11  * * *
> 12  * * *
> 13  * * *
> 14  * * *
> 15  * * *
>
> Paul.

I noticed FreeBSD was not accessible this morning.
svnup gives me the following.

svnup stable
svnup: connect failure: Connection refused

earlier I could not even open www.freebsd.org, so something is or was not right.
Now www.freebsd.org works again

gr
Johan Hendriks
Re: routing issues to freebsd.org
On Mon, Jul 08, 2013 at 09:57:59AM +0100, Paul Macdonald wrote:
>
> On doing some updates this morning, am seeing a routing issue beyond
> bgp1-ext.ysv.freebsd.org...
>
> Updating Index
> fetch: http://www.FreeBSD.org/ports/INDEX-9.bz2: No route to host
>
> www.freebsd.org.         513    IN CNAME wfe0.ysv.freebsd.org.
> wfe0.ysv.freebsd.org.    1690   IN A     8.8.178.110
>

Perhaps an issue on your end (probably on the reverse route)?

Traces look fine from multiple networks:
http://sprunge.us/JFeS

--
staticsafe
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Please don't top post.
Please don't CC! I'm subscribed to whatever list I just posted on.
routing issues to freebsd.org
On doing some updates this morning, am seeing a routing issue beyond bgp1-ext.ysv.freebsd.org...

Updating Index
fetch: http://www.FreeBSD.org/ports/INDEX-9.bz2: No route to host

www.freebsd.org.         513    IN CNAME wfe0.ysv.freebsd.org.
wfe0.ysv.freebsd.org.    1690   IN A     8.8.178.110

traceroute to 8.8.178.110 (8.8.178.110), 64 hops max, 52 byte packets
 1  --  0.528 ms  0.462 ms  0.428 ms
 2  490.net2.north.dc5.as20860.net (62.233.127.210)  0.267 ms  0.263 ms  0.263 ms
 3  593.core1.thn.as20860.net (62.233.127.173)  111.922 ms  49.373 ms  1.125 ms
 4  ae3-309.lon11.ip4.tinet.net (77.67.74.101)  1.080 ms  1.181 ms  1.081 ms
 5  xe-9-1-0.sjc10.ip4.tinet.net (89.149.184.53)  145.580 ms  145.746 ms
    xe-8-1-0.sjc10.ip4.tinet.net (89.149.183.17)  145.216 ms
 6  213.200.66.238 (213.200.66.238)  145.702 ms  188.823 ms
    ge-0-3-9.pat1.sjc.yahoo.com (216.115.96.10)  219.331 ms
 7  bgp1-ext.ysv.freebsd.org (216.115.101.227)  146.013 ms  146.385 ms
    ae-5.pat2.sjc.yahoo.com (216.115.105.19)  145.653 ms
 8  * * bgp1-ext.ysv.freebsd.org (216.115.101.227)  146.519 ms
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *

Paul.

--
-
Paul Macdonald
IFDNRG Ltd
Web and video hosting
-
t: 0131 5548070
m: 07970339546
e: p...@ifdnrg.com
w: http://www.ifdnrg.com
-
IFDNRG
40 Maritime Street
Edinburgh
EH6 6SA

High Specification Dedicated Servers from £100.00pm
SOLVED /23 static routing question
On 13/03/2013 14:59, Paul Macdonald wrote:
> Hi,
>
> I have added an IP of the 2nd group of 254 addresses in a /23.
> let's call them 100.100.98.0 and 100.100.99.0
>
> what's the correct way to set up the routing table for this and how my rc.conf should look
>
> Currently netstat shows something like the below
>
> Destination        Gateway            Flags    Refs        Use  Netif Expire
> default            100.100.98.254     UGS         0  111301074   bge0
> 100.100.98.0       link#1             U           0 1470707172   bge0
>
> But i suspect i want:
>
> Internet:
> Destination        Gateway            Flags    Refs        Use  Netif Expire
> default            100.100.98.254     UGS         0  111301074   bge0
> 100.100.98.0       link#1             U           0 1470707172   bge0
> 100.100.99.0       link#1             U           0 1470707172   bge0
>
> or
>
> 100.100.98.0/23    link#1             U           0 1470707172   bge0

restarting routing seemed to do this fine... :P

"FreeBSD will automatically identify any hosts (test0 in the example) on the local Ethernet and add a route for that host, directly to it over the Ethernet interface, ed0"
http://www.freebsd.org/doc/handbook/network-routing.html
/23 static routing question
Hi,

I have added an IP of the 2nd group of 254 addresses in a /23.
let's call them 100.100.98.0 and 100.100.99.0

what's the correct way to set up the routing table for this and how my rc.conf should look

Currently netstat shows something like the below

Destination        Gateway            Flags    Refs        Use  Netif Expire
default            100.100.98.254     UGS         0  111301074   bge0
100.100.98.0       link#1             U           0 1470707172   bge0

But i suspect i want:

Internet:
Destination        Gateway            Flags    Refs        Use  Netif Expire
default            100.100.98.254     UGS         0  111301074   bge0
100.100.98.0       link#1             U           0 1470707172   bge0
100.100.99.0       link#1             U           0 1470707172   bge0

or

100.100.98.0/23    link#1             U           0 1470707172   bge0

many thanks
Paul.

--
-
Paul Macdonald
IFDNRG Ltd
Web and video hosting
-
t: 0131 5548070
m: 07970339546
e: p...@ifdnrg.com
w: http://www.ifdnrg.com
-
IFDNRG
40 Maritime Street
Edinburgh
EH6 6SA

High Specification Dedicated Servers from £100.00pm
Re: vlan routing
On Sun, 10 Mar 2013, Vitaliy Turovets wrote:

> 2013/3/10 :
> > I am trying to set this up. First I munged the IP addresses. Not to worry if I
> > hit yours. I did the following commands:
> >
> >    ifconfig vlan0 create
> >    ifconfig vlan0 vlan 95 vlandev fxp0
> >    ifconfig vlan0 inet 134.217.128.117 netmask 255.255.255.0
> >    ifconfig fxp0 add 134.217.128.117 netmask 255.255.255.0
> >    route add -inet 134.217.128.117 134.217.128.1
> >
> > ifconfig shows:
> >
> > fxp0: flags=8843 metric 0 mtu 1500
> >         options=8
> >         ether 00:d0:b7:56:cf:ab
> >         inet 45.22.17.3 netmask 0xfc00 broadcast 45.22.19.255
> >         inet 45.22.17.17 netmask 0x broadcast 45.22.17.17
> >         inet 134.217.128.117 netmask 0xff00 broadcast 134.217.128.255
> >         media: Ethernet autoselect (100baseTX)
> >         status: active
> > bge0: flags=8802 metric 0 mtu 1500
> >         options=9b
> >         ether 00:09:5b:60:e4:1f
> >         media: Ethernet autoselect (none)
> >         status: no carrier
> > vlan0: flags=8843 metric 0 mtu 1500
> >         ether 00:d0:b7:56:cf:ab
> >         inet 134.217.128.117 netmask 0xff00 broadcast 134.217.128.255
> >         media: Ethernet autoselect (100baseTX)
> >         status: active
> >         vlan: 95 parent interface: fxp0
> >
> > Needless to say it does not work. The switch is programmed correctly (I am
> > told). My questions are (1) it seems like the option got applied to the
> > wrong interface; (2) what did I miss??
> >
> > I also tried booting the system with IP of 134.217.128.117 but I did not get
> > the rc.conf macros correctly. I do know I can not route through the switch
> > without going the vlan commands.
> >
> > _
> > Douglas Denault
> > http://www.safeport.com
> > d...@safeport.com
> > Voice: 301-217-9220
> > Fax: 301-217-9277
>
> I guess you shouldn't put the same IP address on two interfaces (vlan and
> fxp0), you need to decide whether you need tagged or untagged vlan frames
> there and, depending on this decision, put the IP address on the VLAN
> interface (tagged variant) or fxp0 (untagged one).
>
> If I understand your task correctly, then this line is faulty in your
> configuration:
>
> >    ifconfig fxp0 add 134.217.128.117 netmask 255.255.255.0
>
> You don't need it.
>
> >    route add -inet 134.217.128.117 134.217.128.1
>
> This is something absolutely wrong :)
>
> Basically, if you only need a vlan interface that could be used for routing,
> you need these commands only:
>
>    ifconfig vlan95 create
>    ifconfig vlan95 inet 134.217.128.117/24 vlan 95 vlandev fxp0
>
> and in /etc/rc.conf you should put such strings:
>
>    cloned_interfaces="vlan95"
>    ifconfig_vlan95="inet 134.217.128.117/24 vlan 95 vlandev fxp0"
>
> for the interface to be created on reboot.
>
> Hope this helps.

Thanks I will try

_
Douglas Denault
http://www.safeport.com
d...@safeport.com
Voice: 301-217-9220
Fax: 301-217-9277
Re: vlan routing
2013/3/10 :
> I am trying to set this up. First I munged the IP addresses. Not to worry if I
> hit yours. I did the following commands:
>
>    ifconfig vlan0 create
>    ifconfig vlan0 vlan 95 vlandev fxp0
>    ifconfig vlan0 inet 134.217.128.117 netmask 255.255.255.0
>    ifconfig fxp0 add 134.217.128.117 netmask 255.255.255.0
>    route add -inet 134.217.128.117 134.217.128.1
>
> ifconfig shows:
>
> fxp0: flags=8843 metric 0 mtu 1500
>         options=8
>         ether 00:d0:b7:56:cf:ab
>         inet 45.22.17.3 netmask 0xfc00 broadcast 45.22.19.255
>         inet 45.22.17.17 netmask 0x broadcast 45.22.17.17
>         inet 134.217.128.117 netmask 0xff00 broadcast 134.217.128.255
>         media: Ethernet autoselect (100baseTX)
>         status: active
> bge0: flags=8802 metric 0 mtu 1500
>         options=9b
>         ether 00:09:5b:60:e4:1f
>         media: Ethernet autoselect (none)
>         status: no carrier
> vlan0: flags=8843 metric 0 mtu 1500
>         ether 00:d0:b7:56:cf:ab
>         inet 134.217.128.117 netmask 0xff00 broadcast 134.217.128.255
>         media: Ethernet autoselect (100baseTX)
>         status: active
>         vlan: 95 parent interface: fxp0
>
> Needless to say it does not work. The switch is programmed correctly (I am
> told). My questions are (1) it seems like the option got applied to the
> wrong interface; (2) what did I miss??
>
> I also tried booting the system with IP of 134.217.128.117 but I did not get
> the rc.conf macros correctly. I do know I can not route through the switch
> without going the vlan commands.
>
> _
> Douglas Denault
> http://www.safeport.com
> d...@safeport.com
> Voice: 301-217-9220
> Fax: 301-217-9277

I guess you shouldn't put the same IP address on two interfaces (vlan and fxp0), you need to decide whether you need tagged or untagged vlan frames there and, depending on this decision, put the IP address on the VLAN interface (tagged variant) or fxp0 (untagged one).

If I understand your task correctly, then this line is faulty in your configuration:

>    ifconfig fxp0 add 134.217.128.117 netmask 255.255.255.0

You don't need it.

>    route add -inet 134.217.128.117 134.217.128.1

This is something absolutely wrong :)

Basically, if you only need a vlan interface that could be used for routing, you need these commands only:

   ifconfig vlan95 create
   ifconfig vlan95 inet 134.217.128.117/24 vlan 95 vlandev fxp0

and in /etc/rc.conf you should put such strings:

   cloned_interfaces="vlan95"
   ifconfig_vlan95="inet 134.217.128.117/24 vlan 95 vlandev fxp0"

for the interface to be created on reboot.

Hope this helps.

--
~~~
WBR,
Vitaliy Turovets
NOC Lead @TV-Net ISP
NOC Lead @Service Outsourcing company
+38(093)265-70-55
VITU-RIPE
X-NCC-RegID: ua.tv
vlan routing
I am trying to set this up. First I munged the IP addresses. Not to worry if I hit yours. I did the following commands:

   ifconfig vlan0 create
   ifconfig vlan0 vlan 95 vlandev fxp0
   ifconfig vlan0 inet 134.217.128.117 netmask 255.255.255.0
   ifconfig fxp0 add 134.217.128.117 netmask 255.255.255.0
   route add -inet 134.217.128.117 134.217.128.1

ifconfig shows:

fxp0: flags=8843 metric 0 mtu 1500
        options=8
        ether 00:d0:b7:56:cf:ab
        inet 45.22.17.3 netmask 0xfc00 broadcast 45.22.19.255
        inet 45.22.17.17 netmask 0x broadcast 45.22.17.17
        inet 134.217.128.117 netmask 0xff00 broadcast 134.217.128.255
        media: Ethernet autoselect (100baseTX)
        status: active
bge0: flags=8802 metric 0 mtu 1500
        options=9b
        ether 00:09:5b:60:e4:1f
        media: Ethernet autoselect (none)
        status: no carrier
vlan0: flags=8843 metric 0 mtu 1500
        ether 00:d0:b7:56:cf:ab
        inet 134.217.128.117 netmask 0xff00 broadcast 134.217.128.255
        media: Ethernet autoselect (100baseTX)
        status: active
        vlan: 95 parent interface: fxp0

Needless to say it does not work. The switch is programmed correctly (I am told). My questions are (1) it seems like the option got applied to the wrong interface; (2) what did I miss??

I also tried booting the system with IP of 134.217.128.117 but I did not get the rc.conf macros correctly. I do know I can not route through the switch without going the vlan commands.

_
Douglas Denault
http://www.safeport.com
d...@safeport.com
Voice: 301-217-9220
Fax: 301-217-9277
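The configuration error Vitaliy points out in this thread (the same address on fxp0 and on the vlan0 child) is easy to spot mechanically. The following Python script is an added example, not code from anyone in the thread: it parses ifconfig output in the layout shown above and reports addresses configured on more than one interface, plus vlan interfaces that share an address with their own parent. The two ifconfig samples it checks are constructed here from the poster's munged addresses, with the netmasks written out in full; the second one shows the box after Vitaliy's advice has been applied.

```python
"""Detect the mistake from the vlan thread in ifconfig output: one IPv4 address
configured on both the parent interface and a vlan child.

Added example, not from the thread. It understands the `ifconfig` layout quoted
above: an "ifN: flags=..." header, indented "inet A netmask 0x..." lines, and
the "vlan: N parent interface: ifM" line of a vlan interface.
"""
import re
from collections import defaultdict

IFACE_RE = re.compile(r"^(\w+): flags=")
INET_RE = re.compile(r"^\s+inet (\d+\.\d+\.\d+\.\d+) netmask (0x[0-9a-fA-F]+)")
VLAN_RE = re.compile(r"^\s+vlan: (\d+) .*parent interface: (\w+)")


def parse_ifconfig(text: str) -> dict:
    """{iface: {"inet": [(addr, mask), ...], "parent": parent_or_None}}"""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            ifaces[current] = {"inet": [], "parent": None}
            continue
        if current is None:
            continue
        m = INET_RE.match(line)
        if m:
            ifaces[current]["inet"].append((m.group(1), m.group(2)))
            continue
        m = VLAN_RE.match(line)
        if m:
            ifaces[current]["parent"] = m.group(2)
    return ifaces


def duplicate_addresses(ifaces: dict) -> dict:
    """Addresses configured on more than one interface: {addr: sorted ifaces}."""
    seen = defaultdict(set)
    for name, info in ifaces.items():
        for addr, _mask in info["inet"]:
            seen[addr].add(name)
    return {addr: sorted(names) for addr, names in seen.items() if len(names) > 1}


def vlan_parent_conflicts(ifaces: dict) -> list:
    """(vlan, parent, addr) triples where a vlan interface carries an address
    that is also on its own parent: the tagged-or-untagged decision from the
    thread has not been made for that address."""
    conflicts = []
    for name, info in ifaces.items():
        parent = info["parent"]
        if parent is None or parent not in ifaces:
            continue
        parent_addrs = {a for a, _ in ifaces[parent]["inet"]}
        conflicts.extend((name, parent, a) for a, _ in info["inet"] if a in parent_addrs)
    return conflicts


# Constructed sample modelled on the output in the post (same munged addresses
# and MACs; the netmasks are written out in full here).
SAMPLE = """\
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:d0:b7:56:cf:ab
        inet 45.22.17.3 netmask 0xfffffc00 broadcast 45.22.19.255
        inet 45.22.17.17 netmask 0xffffffff broadcast 45.22.17.17
        inet 134.217.128.117 netmask 0xffffff00 broadcast 134.217.128.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
bge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:09:5b:60:e4:1f
        status: no carrier
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:d0:b7:56:cf:ab
        inet 134.217.128.117 netmask 0xffffff00 broadcast 134.217.128.255
        vlan: 95 parent interface: fxp0
"""

# The same box after Vitaliy's advice: the address lives on the vlan only.
SAMPLE_FIXED = """\
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 45.22.17.3 netmask 0xfffffc00 broadcast 45.22.19.255
        inet 45.22.17.17 netmask 0xffffffff broadcast 45.22.17.17
vlan95: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 134.217.128.117 netmask 0xffffff00 broadcast 134.217.128.255
        vlan: 95 parent interface: fxp0
"""

if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE), ("fixed", SAMPLE_FIXED)):
        parsed = parse_ifconfig(text)
        print(label, duplicate_addresses(parsed), vlan_parent_conflicts(parsed))
```

On a live box the same check is `ifconfig | python3 thisscript.py` with `sys.stdin.read()` in place of the samples; an empty result from both functions is what you want before debugging the switch side.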
Different take on old FAQ: multihoming and source-based routing
Hi everyone,

I've been doing a lot of google searching recently for variants of "freebsd source-based routing" to look for how to get a dual-homed FreeBSD machine to send to the correct default gateway based on the source address of the packets it's expecting that gateway to pass along. You can't send a packet with a Comcast source address to the AT&T default gateway and expect it to actually make it out onto the public internet, etc.

Universally, the posts I've been finding that discuss this always recommend creating multiple routing tables with "options ROUTETABLES=..." which I wasn't willing to do, because my wild youthful kernel-recompiling days are over -- these days I like the advantages that come with using a pure GENERIC kernel. :-)

So, today I tried the following /etc/pf.conf:

> if = "bge0"
> v4_addr_1 = "173.228.91.225"
> v4_net_1 = "173.228.91.0/24"
> v4_gw_1 = "173.228.91.1"
> v4_addr_2 = "50.193.24.82"
> v4_net_2 = "50.193.24.80/28"
> v4_gw_2 = "50.193.24.94"
>
> pass out quick on $if route-to ($if $v4_gw_1) inet from $v4_addr_1 to !$v4_net_1 no state
> pass out quick on $if route-to ($if $v4_gw_2) inet from $v4_addr_2 to !$v4_net_2 no state
> #pass out quick on $if route-to ($if $v6_gw_1) inet6 from $v6_addr_1 to !$v6_net_1 no state
>
> pass all no state

I guess my setup is a bit simpler than the norm because I only have one physical interface, that both networks are on.

But... by Jove, it seems to be working!

Is there something I'm missing? Is this going to break in some subtle edge case that I'm just not seeing? If it really is this simple, why does everyone keep recommending the "options ROUTETABLES" approach?

Thanks,
~Ben
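The rule selection in the pf.conf above can be worked through offline. The Python below is an added example, not from Ben's post and not pf itself: it models his two `route-to` rules and the `pass all` fallthrough with first-match-wins `quick` semantics and returns the gateway each outgoing packet is forced to, or None where the kernel's routing table decides. The addresses are the ones in the post; the `egress_table` helper and its destination list are this example's own. One case it makes visible, and which follows from the rules as written: traffic from one of the two addresses to a host in the *other* on-link subnet is handed to that source's ISP gateway rather than delivered on the wire, because each rule only excludes the source's own subnet.

```python
"""Simulation of the pf `route-to` policy from the pf.conf above.

Added example; not from Ben's post and not pf itself. It applies his two
`pass out quick ... route-to` rules with first-match-wins semantics and lets
everything else fall through to `pass all`, where the kernel routing table
decides.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RouteToRule:
    """pass out quick on $if route-to ($if gateway) inet from src to !not_to"""
    src: ipaddress.IPv4Address
    not_to: ipaddress.IPv4Network     # the negated destination network
    gateway: ipaddress.IPv4Address


def rule(src: str, not_to: str, gateway: str) -> RouteToRule:
    return RouteToRule(ipaddress.ip_address(src), ipaddress.ip_network(not_to),
                       ipaddress.ip_address(gateway))


# The macros from the post, as pf would expand them, in rule order.
RULES = [
    rule("173.228.91.225", "173.228.91.0/24", "173.228.91.1"),
    rule("50.193.24.82", "50.193.24.80/28", "50.193.24.94"),
]


def select_gateway(rules: list[RouteToRule], src: str, dst: str) -> Optional[str]:
    """Gateway the first matching `quick` rule forces for an outgoing packet, or
    None when no rule matches and `pass all` leaves the decision to the routing
    table (which delivers on-link destinations directly)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s == r.src and d not in r.not_to:
            return str(r.gateway)
    return None


def gateway_is_on_link(r: RouteToRule) -> bool:
    """route-to ($if gw) needs gw to be reachable on $if: here, inside the
    source's own subnet, which is also the network the rule excludes."""
    return r.gateway in r.not_to


def egress_table(rules: list[RouteToRule], dsts: list[str]) -> dict:
    """Which gateway each configured source uses for each destination; a quick
    way to eyeball the policy before loading it with pfctl (helper added here)."""
    return {(str(r.src), dst): select_gateway(rules, str(r.src), dst)
            for r in rules for dst in dsts}


if __name__ == "__main__":
    # Internet-bound traffic goes out via the gateway of its own provider.
    print(select_gateway(RULES, "173.228.91.225", "8.8.8.8"))       # 173.228.91.1
    print(select_gateway(RULES, "50.193.24.82", "8.8.8.8"))         # 50.193.24.94
    # The source's own subnet is excluded, so the routing table delivers on-link.
    print(select_gateway(RULES, "173.228.91.225", "173.228.91.7"))  # None
    # A host in the *other* on-link subnet is not excluded, so the packet is
    # handed to the ISP gateway instead of being put on the wire directly.
    print(select_gateway(RULES, "173.228.91.225", "50.193.24.90"))  # 173.228.91.1
    print(all(gateway_is_on_link(r) for r in RULES))                # True
```

If that inter-subnet case matters, the fix in the same style is to negate a table holding both local networks (`to !<local>`) instead of a single macro per rule.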
Re: Problem with routing in VmWare VMS
On Fri, Jun 22, 2012 at 3:13 PM, UNIX developer @ Google.com <developeru...@gmail.com> wrote:

> Ok, I understood!
> I removed these rows from rc.conf:
> static_routes="clnet"
> route_clnet="-net 192.168.2.0/24 192.168.1.10"
>
> new rc.conf:
> ifconfig_em0=" inet 192.168.1.10 netmask 255.255.255.0"
> ifconfig_em1=" inet 192.168.2.1 netmask 255.255.255.0"
> defaultrouter="192.168.1.1"
> gateway_enable="YES"
>
> now after reboot the problem is still the same.
>
> ping -S 192.168.2.1 192.168.1.1
> PING 192.168.1.1 (192.168.1.1) from 192.168.2.1: 56 data bytes
> ^C
> --- 192.168.1.1 ping statistics ---
> 8 packets transmitted, 0 packets received, 100.0% packet loss
>
> netstat -nr
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.1.1        UGS         0       38    em0
> 127.0.0.1          link#4             UH          0        0    lo0
> 192.168.1.0/24     link#1             U           0     1153    em0
> 192.168.1.10       link#1             UHS         0        6    lo0
> 192.168.2.0/24     link#2             U           0        0    em1
> 192.168.2.1        link#2             UHS         0        6    lo0
>
> Where else can the trouble be?
>
> -
> You wrote on 22 June 2012, 0:56:49:
>
> > On Thu, 21 Jun 2012 15:59:36 -0500, UNIX developer @ Google.com wrote:
> >
> > > /etc/rc.conf
> > > ifconfig_em0=" inet 192.168.1.10 netmask 255.255.255.0"
> > > ifconfig_em1=" inet 192.168.2.1 netmask 255.255.255.0"
> > > defaultrouter="192.168.1.1"
> > > gateway_enable="YES"
> > > static_routes="clnet"
> > > route_clnet="-net 192.168.2.0/24 192.168.1.10"
> >
> > You simply CANNOT do this. Traffic for 192.168.2.0/24 is bound to em1 and
> > cannot be changed. You setup a static route that basically says "to find
> > 192.168.2.0/24, don't use em1 but instead ask 192.168.1.10 how to find it"?
> >
> > This makes no sense at all.
>
> --
> Regards,
> UNIX mailto:developeru...@gmail.com

Hi,

Your problem, as Mark told you, is that you are building a gateway to connect two networks on the same subnet.

Regards,
Alexandre
Problem with routing in VmWare VMS
Thank you, Mark! All works!

-
You wrote on 22 June 2012, 16:31:39:

> On Fri, 22 Jun 2012 08:10:43 -0500, UNIX developer @ Google.com wrote:
>
> > now after reboot the problem is still the same.
> > ping -S 192.168.2.1 192.168.1.1
> > PING 192.168.1.1 (192.168.1.1) from 192.168.2.1: 56 data bytes
> > ^C
> > --- 192.168.1.1 ping statistics ---
> > 8 packets transmitted, 0 packets received, 100.0% packet loss
>
> 192.168.1.1 does not know how to find 192.168.2.1, so it can't respond to
> the ping. I bet it only has a default route to the internet. If you add a
> static route on 192.168.1.1 telling it that it can find 192.168.2.0/24 at
> 192.168.1.10 it will probably work.
>
> On 192.168.1.1:
>
>    route add -net 192.168.2.0/24 192.168.1.10
>
> Now the pings will work.

--
Regards,
UNIX mailto:developeru...@gmail.com
Re: Problem with routing in VmWare VMS
On Thu, 21 Jun 2012 15:59:36 -0500, UNIX developer @ Google.com wrote:

> /etc/rc.conf
> ifconfig_em0=" inet 192.168.1.10 netmask 255.255.255.0"
> ifconfig_em1=" inet 192.168.2.1 netmask 255.255.255.0"
> defaultrouter="192.168.1.1"
> gateway_enable="YES"
> static_routes="clnet"
> route_clnet="-net 192.168.2.0/24 192.168.1.10"

You simply CANNOT do this. Traffic for 192.168.2.0/24 is bound to em1 and cannot be changed. You setup a static route that basically says "to find 192.168.2.0/24, don't use em1 but instead ask 192.168.1.10 how to find it"?

This makes no sense at all.
Problem with routing in VmWare VMS
Hi!

I have a problem with routing on FreeBSD.

I have an ESXi 5 host. In there are 5 VMs and one of them is a BSD. I need to create a router on the BSD. I tried to set it up with this manual: http://www.freebsd.org/doc/handbook/network-routing.html but the problem is still the same... I can't ping the external network from the local network.

# ping -S 192.168.2.1 192.168.1.4
... no replies ... many packets sent and 100% loss. Ok ^C.

My configs:

/etc/sysctl.conf
net.inet.ip.forwarding=1

/etc/rc.conf
ifconfig_em0=" inet 192.168.1.10 netmask 255.255.255.0"
ifconfig_em1=" inet 192.168.2.1 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
gateway_enable="YES"
static_routes="clnet"
route_clnet="-net 192.168.2.0/24 192.168.1.10"

after booting, netstat shows:

# netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0        2    em0
127.0.0.1          link#4             UH          0        0    lo0
192.168.1.0/24     link#1             U           0      120    em0
192.168.1.10       link#1             UHS         0        0    lo0
192.168.2.0/24     link#2             U           0        0    em1
192.168.2.1        link#2             UHS         0        0    lo0

after /etc/rc.d/routing restart, I see:

# netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0        2    em0
127.0.0.1          link#4             UH          0        0    lo0
192.168.1.0/24     link#1             U           0      120    em0
192.168.1.10       link#1             UHS         0        0    lo0
192.168.2.0/24     192.168.1.10       U           0        0    em1
192.168.2.1        link#2             UHS         0        0    lo0

What do I need to do so that other VMs from the routed network can get to the external network?

Please help me solve this problem. If you need more information, please write to me!

Thanks!
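Both the /23 question earlier on this page (whether 100.100.99.x is on-link) and the ping failure in this thread (the upstream gateway having no route back to 192.168.2.0/24) come down to which routing-table entry wins for a given destination. The Python below is an added example, not code from either thread: it parses tables in the `netstat -nr` layout quoted in the posts, does a longest-prefix-match lookup, and checks whether an echo reply from the upstream gateway gets back through the FreeBSD router. The router's table is the one posted above; the two tables for 192.168.1.1 are assumed, since the post does not show them (Mark's "only a default route" guess, with 203.0.113.1 standing in for the ISP next hop), and the /23 tables are written with explicit prefix lengths, which netstat -nr omits for classful networks.

```python
"""Longest-prefix-match walk-through for the /23 and VMware routing threads.

Added example, not code from either poster. Tables are in the `netstat -nr`
layout quoted in the posts; only the Destination, Gateway and Netif columns
are used.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network   # "default" is stored as 0.0.0.0/0
    gateway: str                    # next-hop address, or "link#N" for an attached net
    netif: str


def parse_netstat(table: str) -> list[Route]:
    """Parse `netstat -nr` style text. A destination without a mask is a host
    route (/32), as FreeBSD prints for its own addresses (flags UHS); network
    routes in the samples below carry an explicit prefix length."""
    routes = []
    for line in table.strip().splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Destination":
            continue                       # "Routing tables", "Internet:", header
        dest, gateway, netif = fields[0], fields[1], fields[5]
        if dest == "default":
            dest = "0.0.0.0/0"
        routes.append(Route(ipaddress.ip_network(dest, strict=False), gateway, netif))
    return routes


def lookup(routes: list[Route], dst: str) -> Optional[Route]:
    """Most specific route covering dst (longest prefix wins), or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def next_hop(routes: list[Route], dst: str) -> tuple[str, Optional[str]]:
    """('direct', netif) for an attached network, ('via', gateway) when another
    router has to forward, ('unreachable', None) when nothing matches."""
    r = lookup(routes, dst)
    if r is None:
        return ("unreachable", None)
    if r.gateway.startswith("link#"):
        return ("direct", r.netif)
    return ("via", r.gateway)


def reply_returns(upstream: list[Route], router_addr: str, src: str) -> bool:
    """The VMware failure: the FreeBSD router forwards the echo request fine, but
    the upstream host's reply to src must come back *via the router*. If its best
    route for src is the default towards the ISP, the RFC 1918 reply is lost."""
    return next_hop(upstream, src) == ("via", router_addr)


# --- sample tables: the router's is from the post, the others are constructed ---

# FreeBSD router from the VMware thread: em0 192.168.1.10, em1 192.168.2.1.
ROUTER = parse_netstat("""
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0        2    em0
127.0.0.1          link#4             UH          0        0    lo0
192.168.1.0/24     link#1             U           0      120    em0
192.168.1.10       link#1             UHS         0        0    lo0
192.168.2.0/24     link#2             U           0        0    em1
192.168.2.1        link#2             UHS         0        0    lo0
""")

# Assumed table of the upstream gateway 192.168.1.1 (not shown in the post):
# Mark's guess of "only a default route to the internet", with 203.0.113.1
# standing in for the ISP next hop.
UPSTREAM_BEFORE = parse_netstat("""
default            203.0.113.1        UGS         0        0  vtnet0
192.168.1.0/24     link#2             U           0        0  vtnet1
""")

# The same gateway after Mark's fix: route add -net 192.168.2.0/24 192.168.1.10
UPSTREAM_AFTER = parse_netstat("""
default            203.0.113.1        UGS         0        0  vtnet0
192.168.1.0/24     link#2             U           0        0  vtnet1
192.168.2.0/24     192.168.1.10       UGS         0        0  vtnet1
""")

# The /23 thread: 100.100.99.x is only on-link if the interface route is a /23.
SLASH24_ONLY = parse_netstat("""
default            100.100.98.254     UGS         0        0   bge0
100.100.98.0/24    link#1             U           0        0   bge0
""")
SLASH23 = parse_netstat("""
default            100.100.98.254     UGS         0        0   bge0
100.100.98.0/23    link#1             U           0        0   bge0
""")

if __name__ == "__main__":
    print(next_hop(ROUTER, "192.168.1.1"))                                # ('direct', 'em0')
    print(reply_returns(UPSTREAM_BEFORE, "192.168.1.10", "192.168.2.1"))  # False
    print(reply_returns(UPSTREAM_AFTER, "192.168.1.10", "192.168.2.1"))   # True
    print(next_hop(SLASH24_ONLY, "100.100.99.7"))                         # ('via', '100.100.98.254')
    print(next_hop(SLASH23, "100.100.99.7"))                              # ('direct', 'bge0')
```

The forward lookup on the router succeeds in both VMware cases; only the return lookup on 192.168.1.1 changes, which is why the fix belongs on the upstream gateway and not in the FreeBSD box's rc.conf. For the /23 case, with only a /24 interface route the second half of the block is sent to the default gateway instead of being ARPed for on bge0.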
Re: Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing
On Apr 13, 2012, at 4:58 PM, Mark Felder wrote:

> On Fri, 13 Apr 2012 15:53:49 -0500, Chad Leigh Shire.Net LLC wrote:
>
> > No NAT needed since they share the network stack under Jails v1 they share
> > the routing tables. It works. Try it.
>
> You're clearly exploiting a bug in FreeBSD 6's jails.

It was a documented behavior when I first started using jails ca. 2004 in FreeBSD 5. Which is why I did it that way.
Re: Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing
On Fri, 13 Apr 2012 15:53:49 -0500, Chad Leigh Shire.Net LLC wrote:

> No NAT needed since they share the network stack under Jails v1 they share
> the routing tables. It works. Try it.

You're clearly exploiting a bug in FreeBSD 6's jails. It must get confused and send your public IP on those packets. I have no idea how it processes the return traffic successfully, but "that's a neat trick!".

There is no possible way for this to work without NAT or whatever bug this is. If a Jail has a 192.168 IP all packets would leave with a source of 192.168. When Google or whoever on the internet gets your packets it would see 192.168 and probably drop it because that's not a publicly routable network. Without NAT it's impossible for any device anywhere on the planet to access the internet with an RFC 1918 IP address.

I urge you to share your experience on the freebsd-jail@ mailing list. Those guys might be able to lend some further insight. I bet the change came with the update to jails that allows multiple IPs.
Re: Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing
On Apr 13, 2012, at 1:50 PM, Mark Felder wrote:

> Do I understand this right?
>
> Working in FreeBSD 6.x:
>
> interface em0: 1.2.3.4/24       <-- public IP, host only
>                192.168.1.1/24   <-- private IP, host only
>                192.168.1.2/24   <-- Jail #1
>                192.168.1.3/24   <-- Jail #2
>
> With this configuration you had no problems accessing the internet from the
> jails.

correct. (not that it matters, but I don't think the private IP is host only; ALL IPs exist on the host in addition to whatever Jail they are assigned to)

> Is this correct? This seems bizarre; this should only be possible if you're
> doing NAT somewhere in there and that is not possible with Jails v1 (which
> share a network stack) and is only possible in Jails v2 (vnet).

No NAT needed since they share the network stack under Jails v1 they share the routing tables. It works. Try it.

The question is, is it possible to do something similar with FreeBSD 9 jails (v2 I guess) without the overhead of running NAT? The jail with the private IP *can* access the HOST's public services but not anyone else's

Chad
Re: Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing
Do I understand this right?

Working in FreeBSD 6.x:

interface em0: 1.2.3.4/24       <-- public IP, host only
               192.168.1.1/24   <-- private IP, host only
               192.168.1.2/24   <-- Jail #1
               192.168.1.3/24   <-- Jail #2

With this configuration you had no problems accessing the internet from the jails.

Is this correct? This seems bizarre; this should only be possible if you're doing NAT somewhere in there and that is not possible with Jails v1 (which share a network stack) and is only possible in Jails v2 (vnet).
Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing
Hi All

OK, so I have a server that has been running FreeBSD 6.1 and a bunch of jails, providing a few limited services. I am migrating these from real hardware and FreeBSD 6.1 with jail running, to a Xen based VPS running FreeBSD 9.0-R with a kernel rebuild from a GENERIC kernel to GENERIC plus the Xen pci device. There is one network device on the new server and it shares all addresses and the default route goes out it.

Because jails in FBSD 6 shared a network stack, I could have a public network x.x.x.0/24 and public address on the host machine, and a default route in that network as well, and use a 192.168.1.0/24 address aliased on the same network interface as the IP for my jail. When doing that, from inside the jail, I could still reach the internet since it shared the route with the underlying machine.

That seems to have changed on FBSD 9. Now, if I add in the 192.168.1.0/24 address and run a jail on it, with the host machine in a public network/address/route as described above, from inside the jail I CANNOT reach the internet (it is not a resolver issue as services going to numeric addresses also fail). However, the jail with the private 192.168.1.0/24 address CAN reach the host machine's services even if it cannot get out onto the internet. And the HOST machine can access services on the jail running on the private IP address.

(The purpose of the jail is to provide services to other jails and hosts on the same public network [all VPS on the same public vlan] and NOT to provide services to the internet. Things like local ldap or a local dns etc. But the private jail still needs to reach the internet for things like name servers it needs to access that are outside of the public network the host lives in. So I don't care if the internet itself can reach the private jail, just the local jails and hosts it co-exists with. The answer shouldn't be natd etc (was not needed in 6.0 and I am not sharing one public address with a range of private jails behind it).)

If I launch the jail with an address from the same public range as the host, it works fine. The jail can access the internet fine and vice versa. The host can access the jail services as well.

If I launch the jail with a private address, the jail cannot reach the internet. It can reach the host in the public network, but not other machines in the same public network (ie, the other VPS I have running which are all in the same public network).

If I launch the jail with both a private address and a public address, it can reach the internet and other VPS on the same public network. I may have to end up doing that and just not having any services run on the public IP but I'd rather avoid using up an address like that.

What changes happened in the jails between FBSD 6 and FBSD 9 that would give the symptoms I have been experiencing?

Thanks
Chad
Re: RIP routing protocol implementation is FreeBSD?
> I'd try routed_enable = "YES" instead.
>
> Regards
> Éric Masson

I have now setup a virtual instance of FreeBSD and another machine running Bind9 on OpenBSD.

I can tell that the system is receiving RIP updates as netstat -r shows the routes advertised by my router; however, it seems that RIP isn't being advertised by FreeBSD.

My /etc/rc.conf file looks as such:

router_enable="YES"
router_flags="-P ripv2 ripv2_out"

From the manual I wasn't quite sure if I needed to put the above 'router_flags' syntax or if:

ripv2 ripv2_out

should be put in the /etc/gateways file.

I tried Google'ing around but found almost no information on how to use the service. However, on bootup the system claims: "switch to trace file ripv2_out".

Running:

sh ip route

in the IOS only shows the C (connected routers) or S* (the gateway of last resort) but no dynamic RIP updates R.

Ok got something wrong here??? Can anyone assist.

Regards,
Kaya
Re: RIP routing protocol implementation is FreeBSD?
On 01/30/2012 07:11 PM, Eric Masson wrote:
> Eric Masson writes:
>
> Sorry, Followup to myself.
>
>> I'd try routed_enable = "YES" instead.
>
> router_enable = "YES" as Michael stated in another post.
>
> Regards
> Éric Masson

The generic syntax of rc.conf is like so (using mine as example):

zfs_enable="YES"
nfs_server_flags="-a -t -n 4"
nfs_server_enable="YES"
rpc_statd_enable="YES"
rpc_lockd_enable="YES"
rpcbind_enable="YES"
mountd_enable="YES"
mountd_flags="-r"
munin_node_enable="NO"
zabbix_server_enable="NO"
zabbix_agentd_enable="NO"
icecast_enable="NO"
darkice_enable="NO"
fail2ban_enable="YES"

implying:

routerd_enable="YES"

:-) :-) :-)

Best regards,
Kaya
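The two stumbles in this thread (the knob being spelled enable_routerd, routed_enable or routerd_enable instead of router_enable, and router_flags="-P ripv2 ripv2_out" reaching routed as three separate arguments because the rc scripts word-split the flags) can be caught with a small lint script. This is an added example, not code from the thread or from FreeBSD; the functions rc_value, check_router_enable and check_router_flags are hypothetical names, the sample rc.conf is constructed, and the reading that the stray second word is what routed reports as "switch to trace file ripv2_out" is an assumption drawn from that message.

```shell
#!/bin/sh
# Added example, not from the thread or from FreeBSD: a small lint for the
# routed(8) knobs in /etc/rc.conf. Function names are hypothetical.

# rc_value FILE KEY: print the value of KEY="value" in an rc.conf-style file
# (last assignment wins, surrounding double quotes stripped, empty if absent).
rc_value() {
    awk -v key="$2" -F= '
        $1 == key { v = substr($0, length(key) + 2); gsub(/^"|"$/, "", v); last = v }
        END { print last }' "$1"
}

# check_router_enable FILE: flag the misspellings seen in the thread and
# confirm the real knob is set. Prints "ok", or one line per problem and
# returns 1.
check_router_enable() {
    rc=0
    for bad in enable_routerd routed_enable routerd_enable; do
        if [ -n "$(rc_value "$1" "$bad")" ]; then
            printf '%s\n' "$bad is not an rc.conf knob; routed is controlled by router_enable"
            rc=1
        fi
    done
    if [ "$(rc_value "$1" router_enable)" != "YES" ]; then
        printf '%s\n' 'router_enable is not "YES"; routed will not be started at boot'
        rc=1
    fi
    [ "$rc" -eq 0 ] && printf 'ok\n'
    return "$rc"
}

# check_router_flags FILE: the rc scripts word-split router_flags before
# starting routed, so "-P ripv2 ripv2_out" arrives as three arguments. Only
# the one word after -P is its parms value; a second bare word is a stray
# positional argument (assumed to be what routed logs as a trace file).
check_router_flags() {
    set -- $(rc_value "$1" router_flags)
    while [ $# -gt 0 ]; do
        if [ "$1" = "-P" ]; then
            shift
            if [ $# -eq 0 ]; then
                printf '%s\n' "-P needs a parameter value"
                return 1
            fi
            parms=$1
            shift
            if [ $# -gt 0 ] && [ "${1#-}" = "$1" ]; then
                printf '%s\n' "'-P $parms $1' is split into separate arguments; use one -P per parameter or put them in /etc/gateways"
                return 1
            fi
        else
            shift
        fi
    done
    printf 'ok\n'
}

# Constructed sample reproducing the rc.conf from the thread.
sample=$(mktemp)
printf '%s\n' 'router_enable="YES"' 'router_flags="-P ripv2 ripv2_out"' > "$sample"
check_router_enable "$sample" || :
check_router_flags "$sample" || :    # reports the split -P value
rm -f "$sample"
```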
Re: RIP routing protocol implementation is FreeBSD?
On 01/30/2012 06:53 PM, Eric Masson wrote:
> Kaya Saman writes:
>
> Hi,
>
>> does anyone know if there's an implementation of the RIP version 2 routing protocol in FreeBSD???
>
> man 8 routed
>
>> I did check out the handbook for the enable_routerd="YES"
>
> I'd try routed_enable = "YES" instead.
>
> Regards
> Éric Masson

Syntax blooper. It's sometimes hard to remember 'EVERYTHING' but once I see the /etc/rc.conf file I will know what is needed and how it's used :-)

Thanks for the correction though.

Regards,
Kaya
Re: RIP routing protocol implementation is FreeBSD?
On 01/30/2012 06:47 PM, Michael Sierchio wrote:
> On Mon, Jan 30, 2012 at 10:33 AM, Kaya Saman wrote:
>> Hi there, does anyone know if there's an implementation of the RIP version 2 routing protocol in FreeBSD???
>
> man routed
>
> The routed utility is a daemon invoked at boot time to manage the network routing tables. It uses Routing Information Protocol, RIPv1 (RFC 1058), RIPv2 (RFC 1723), and Internet Router Discovery Protocol (RFC 1256) to maintain the kernel routing table.
>
> router_enable="YES" in /etc/rc.conf
>
> this has nothing to do with NAT, btw.

Thanks for the response. Sorry, I think I wasn't getting my point through clearly enough. I am a Cisco Engineer so I know the difference between NAT, PAT, Static routing and dynamic routing ;-)

Yep I read about it in the handbook and yes I have used it before but not for dynamic routing. The NAT'ing is what I did previously and I was just mentioning what I 'had' used before, which was everything but dynamic routing on FreeBSD 8.0 :-)

P.s. sorry if what I'm trying to say isn't getting out clearly enough :-)

Regards,
Kaya
Re: RIP routing protocol implementation is FreeBSD?
Eric Masson writes:

Sorry, Followup to myself.

> I'd try routed_enable = "YES" instead.

router_enable = "YES" as Michael stated in another post.

Regards
Éric Masson
--
> and tells me there was some crap with the whatsit server and that it
> caused a big server crash. WHERE is the crap?
Should have picked the thingamajig server, that's why.
-+- EJ in Guide du linuxien pervers - "It's all just a hack job" -+-
Re: RIP routing protocol implementation is FreeBSD?
Kaya Saman writes:

Hi,

> does anyone know if there's an implementation of the RIP version 2
> routing protocol in FreeBSD???

man 8 routed

> I did check out the handbook for the enable_routerd="YES"

I'd try routed_enable = "YES" instead.

Regards
Éric Masson
--
I'm crossposting to fr.rec.moto over this sad example of intolerance. [...]
PS: Sorry, my news software does not allow follow-ups and I certainly won't change it just to please you.
-+- CC in Guide du Neuneu Usenet - "Configuring your incompetence properly" -+-
Re: RIP routing protocol implementation is FreeBSD?
On Mon, Jan 30, 2012 at 10:33 AM, Kaya Saman wrote:
> Hi there,
>
> does anyone know if there's an implementation of the RIP version 2 routing
> protocol in FreeBSD???

man routed

The routed utility is a daemon invoked at boot time to manage the network routing tables. It uses Routing Information Protocol, RIPv1 (RFC 1058), RIPv2 (RFC 1723), and Internet Router Discovery Protocol (RFC 1256) to maintain the kernel routing table.

router_enable="YES" in /etc/rc.conf

this has nothing to do with NAT, btw.
RIP routing protocol implementation is FreeBSD?
Hi there,

does anyone know if there's an implementation of the RIP version 2 routing protocol in FreeBSD???

I would like to use it to exchange routes with my Cisco 857W router as the BSD machine will provide routing for a virtual test network in VBox.

I did check out the handbook for the enable_routerd="YES" and have used that before as default gateway of 'last-resort' with NAT but never RIP, as I don't want to use NAT in this case.

OpenBSD definitely has it but since I am more familiar with FreeBSD I thought let's try here first :-)

Can anyone help me out?

Regards,
Kaya
Re: Displaying Routing Tables
On Fri, Jan 27, 2012 at 9:38 PM, Bernt Hansson wrote:
> 2012-01-28 05:40, Chris Maness wrote:
>
>> Executing route under linux displays all of the routing info for that
>> host. For the life of me I cannot figure out how to get the BSD route
>> command to dump the whole table at once. I have used the GET flag to
>> find one specific entry. Is it possible to see all routes at once
>> like the Linux route command?
>
> netstat -r

Thanks Guys,
Chris Maness
Displaying Routing Tables
Executing route under linux displays all of the routing info for that host. For the life of me I cannot figure out how to get the BSD route command to dump the whole table at once. I have used the GET flag to find one specific entry. Is it possible to see all routes at once like the Linux route command?

Thanks,
Chris Maness
Re: wireless and/or routing question UPDATE - WPA
On 01/14/12 16:28, Waitman Gobble wrote:
> On Fri, Jan 13, 2012 at 8:34 AM, Waitman Gobble wrote:
>> On Jan 13, 2012 7:19 AM, "Matthias Apitz" wrote:
>>> On Friday, January 13, 2012 at 07:03:11AM -0800, Waitman Gobble wrote:
>>>> Hi,
>>>>
>>>> Thanks. I've always heard countless rumors about WPA being wise :) I'll take your advice and take a step up in technology. My "stubborn conservatism" probably roots back to the time when not all devices could do WPA, or at least I had crazy trouble getting things to work. But this learned attitude was probably around 2000, which was like a million years ago with dinosaurs and stuff. Time for me to finally get with it.
>>>>
>>>> ...
>>>
>>> Concerning WEP ./. WPA: From the technical point it is clear, WPA is more secure; but there are other aspects as well; we have had in Germany cases where the WAN IP of the AP appeared as source addr of some kind of crime (access to child porn or whatever) and the AP owner said: I'm using WEP, it was not me, and someone hijacked my AP ... and he/she went home as a free person;
>>>
>>> matthias
>>> --
>>> Matthias Apitz
>>> e - w http://www.unixarea.de/
>>> UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
>>> UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
>>
>> thanks, going to try WPA this weekend.
>>
>> My apartment is not so convenient for drive-by scanners (can't think of the proper term at the moment) but i do have at least one neighbor who appears potentially suspect.. like he might try to hack my ap for fun.
>>
>> Waitman
>
> Hi,
>
> Today I picked up a D-Link DIR-815 and set it up for WPA with TKIP/PSK. I believe i followed the instructions in the FreeBSD handbook. However, the wpa_supplicant appears to hang indefinitely. If i control-c it barfs out an error.
>
> This clones ale0 wired NIC MAC to ath0 wireless NIC for lagg:
>
> ifconfig ath0 ether 00:23:5a:59:e1:e4
> ifconfig wlan0 create wlandev ath0 ssid BOOTAY
> ifconfig wlan0 up scan
>
> here's the wpa_supplicant that's hanging:
>
> wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
>
> p00ntang# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
> Trying to associate with 1c:7e:e5:de:ed:52 (SSID='BOOTAY' freq=2452 MHz)
> Associated with 1c:7e:e5:de:ed:52
> WPA: Key negotiation completed with 1c:7e:e5:de:ed:52 [PTK=TKIP GTK=TKIP]
> CTRL-EVENT-CONNECTED - Connection to 1c:7e:e5:de:ed:52 completed (auth) [id=0 id_str=]
> ^CCTRL-EVENT-TERMINATING - signal 2 received
> ioctl[SIOCS80211, op 20, len 7]: Can't assign requested address
> ELOOP: remaining socket: sock=4 eloop_data=0x284081c0 user_data=0x28412080 handler=0x806d620
>
> If I terminate with ampersand to run asynchronously it keeps running and i have a wireless connection - it works.
>
> p00ntang# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf &
>
> I guess that makes sense but the handbook is not clear to me that it's to be done this way. It's the first time i've set up WPA on FreeBSD so i'm not 100% about what to expect. i am noticing messages about rekeying, so maybe the wpa-supplicant is supposed to keep running.
>
> here's /etc/wpa_supplicant.conf:
>
> network={
>   ssid="BOOTAY"
>   psk="PASSWORD GOES HERE"
> }
>
> here's the rest of the lagg to set wired/wireless interface with a failover configuration. this is pretty clear in the handbook but i'll put it here in case someone runs across the thread in the future.
>
> ifconfig ale0 up
> ifconfig wlan0 up
> ifconfig lagg0 create
> ifconfig lagg0 up laggproto failover laggport ale0 laggport wlan0 10.0.0.20/24

Just stick the config in rc.conf and make sure you include "WPA" in the wlan0 definition. It will "just work" then.

For reference, to run wpa_supplicant from the cli you usually add "-B" in the flags to daemonise it, and run in the background; otherwise it will run in the foreground for debugging purposes.
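The rc.conf form of the poster's manual ifconfig sequence, as suggested in the reply above (put the config in rc.conf with "WPA" in the wlan0 definition). This is an added example adapted from the FreeBSD Handbook's wired/wireless failover recipe, not the poster's own file; it keeps the thread's interface names, SSID, MAC and address, and assumes a wlan(4) that accepts the wlanaddr create option for cloning the MAC (on a release without it, the ifconfig ath0 ether line from the thread has to run before wlan0 is created).

```shell
# /etc/rc.conf fragment (added example, not the poster's configuration).
# Interface names, MAC, SSID and address are the ones from the thread.

# Wired side: bring ale0 up with no address; the address lives on lagg0.
ifconfig_ale0="up"

# Wireless side: create wlan0 on ath0 with ale0's MAC so failover keeps one
# station address, and let rc start wpa_supplicant -B for it (the "WPA"
# keyword reads /etc/wpa_supplicant.conf, which holds ssid="BOOTAY" and the psk).
wlans_ath0="wlan0"
create_args_wlan0="wlanaddr 00:23:5a:59:e1:e4"   # assumption: wlanaddr supported
ifconfig_wlan0="WPA"

# Failover lagg: ale0 is the primary port, wlan0 takes over when the cable
# is unplugged; the single address is configured on lagg0.
cloned_interfaces="lagg0"
ifconfig_lagg0="up laggproto failover laggport ale0 laggport wlan0 10.0.0.20/24"
```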
Re: wireless and/or routing question UPDATE - WPA
On Fri, Jan 13, 2012 at 8:34 AM, Waitman Gobble wrote:
> On Jan 13, 2012 7:19 AM, "Matthias Apitz" wrote:
>> On Friday, January 13, 2012 at 07:03:11AM -0800, Waitman Gobble wrote:
>>> Hi,
>>>
>>> Thanks. I've always heard countless rumors about WPA being wise :) I'll take your advice and take a step up in technology. My "stubborn conservatism" probably roots back to the time when not all devices could do WPA, or at least I had crazy trouble getting things to work. But this learned attitude was probably around 2000, which was like a million years ago with dinosaurs and stuff. Time for me to finally get with it.
>>>
>>> ...
>>
>> Concerning WEP ./. WPA: From the technical point it is clear, WPA is more secure; but there are other aspects as well; we have had in Germany cases where the WAN IP of the AP appeared as source addr of some kind of crime (access to child porn or whatever) and the AP owner said: I'm using WEP, it was not me, and someone hijacked my AP ... and he/she went home as a free person;
>>
>> matthias
>> --
>> Matthias Apitz
>> e - w http://www.unixarea.de/
>> UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
>> UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
>
> thanks, going to try WPA this weekend.
>
> My apartment is not so convenient for drive-by scanners (can't think of the proper term at the moment) but i do have at least one neighbor who appears potentially suspect.. like he might try to hack my ap for fun.
>
> Waitman

Hi,

Today I picked up a D-Link DIR-815 and set it up for WPA with TKIP/PSK. I believe i followed the instructions in the FreeBSD handbook. However, the wpa_supplicant appears to hang indefinitely. If i control-c it barfs out an error.

This clones ale0 wired NIC MAC to ath0 wireless NIC for lagg:

ifconfig ath0 ether 00:23:5a:59:e1:e4
ifconfig wlan0 create wlandev ath0 ssid BOOTAY
ifconfig wlan0 up scan

here's the wpa_supplicant that's hanging:

wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf

p00ntang# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
Trying to associate with 1c:7e:e5:de:ed:52 (SSID='BOOTAY' freq=2452 MHz)
Associated with 1c:7e:e5:de:ed:52
WPA: Key negotiation completed with 1c:7e:e5:de:ed:52 [PTK=TKIP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to 1c:7e:e5:de:ed:52 completed (auth) [id=0 id_str=]
^CCTRL-EVENT-TERMINATING - signal 2 received
ioctl[SIOCS80211, op 20, len 7]: Can't assign requested address
ELOOP: remaining socket: sock=4 eloop_data=0x284081c0 user_data=0x28412080 handler=0x806d620

If I terminate with ampersand to run asynchronously it keeps running and i have a wireless connection - it works.

p00ntang# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf &

I guess that makes sense but the handbook is not clear to me that it's to be done this way. It's the first time i've set up WPA on FreeBSD so i'm not 100% about what to expect. i am noticing messages about rekeying, so maybe the wpa-supplicant is supposed to keep running.

here's /etc/wpa_supplicant.conf:

network={
  ssid="BOOTAY"
  psk="PASSWORD GOES HERE"
}

here's the rest of the lagg to set wired/wireless interface with a failover configuration. this is pretty clear in the handbook but i'll put it here in case someone runs across the thread in the future.

ifconfig ale0 up
ifconfig wlan0 up
ifconfig lagg0 create
ifconfig lagg0 up laggproto failover laggport ale0 laggport wlan0 10.0.0.20/24

Thanks
Waitman
Re: wireless and/or routing question
On 01/14/12 01:38, Warren Block wrote:
> On Thu, 12 Jan 2012, Waitman Gobble wrote:
>> Hello,
>>
>> I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup.
>>
>> I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green "wireless" light appears on netbook )
>
> On other models of the Aspire One (AOA150 and D250), adding some ath-specific settings to /boot/loader.conf enables the LED:
>
> dev.ath.0.ledpin=3
> dev.ath.0.softled=1

I'm curious as to how you can find out which pin to use in this setting?
Re: wireless and/or routing question
On Jan 13, 2012 7:38 AM, "Warren Block" wrote:
> On Thu, 12 Jan 2012, Waitman Gobble wrote:
>> Hello,
>>
>> I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble
>> with the wireless setup.
>>
>> I have two wireless cards, the BCM94312MCG that came with it, and an
>> Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the
>> windows xp driver, and the Atheros with the ath driver that is installed
>> with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green
>> "wireless" light appears on netbook )
>
> On other models of the Aspire One (AOA150 and D250), adding some ath-specific settings to /boot/loader.conf enables the LED:
>
> dev.ath.0.ledpin=3
> dev.ath.0.softled=1

cool thanks, I'll try it out.

Waitman
Re: wireless and/or routing question
On Jan 13, 2012 7:19 AM, "Matthias Apitz" wrote:
> On Friday, January 13, 2012 at 07:03:11AM -0800, Waitman Gobble wrote:
>> Hi,
>>
>> Thanks. I've always heard countless rumors about WPA being wise :) I'll
>> take your advice and take a step up in technology. My "stubborn
>> conservatism" probably roots back to the time when not all devices could do
>> WPA, or at least I had crazy trouble getting things to work. But this
>> learned attitude was probably around 2000, which was like a million years
>> ago with dinosaurs and stuff. Time for me to finally get with it.
>>
>> ...
>
> Concerning WEP ./. WPA: From the technical point it is clear, WPA is
> more secure; but there are other aspects as well; we have had in Germany
> cases where the WAN IP of the AP appeared as source addr of some kind of
> crime (access to child porn or whatever) and the AP owner said: I'm
> using WEP, it was not me, and someone hijacked my AP ... and he/she
> went home as a free person;
>
> matthias
> --
> Matthias Apitz
> e - w http://www.unixarea.de/
> UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
> UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5

thanks, going to try WPA this weekend.

My apartment is not so convenient for drive-by scanners (can't think of the proper term at the moment) but i do have at least one neighbor who appears potentially suspect.. like he might try to hack my ap for fun.

Waitman
Re: wireless and/or routing question
On Thu, 12 Jan 2012, Waitman Gobble wrote:
> Hello,
>
> I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup.
>
> I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green "wireless" light appears on netbook )

On other models of the Aspire One (AOA150 and D250), adding some ath-specific settings to /boot/loader.conf enables the LED:

dev.ath.0.ledpin=3
dev.ath.0.softled=1
Re: wireless and/or routing question
On Friday, January 13, 2012 at 07:03:11AM -0800, Waitman Gobble wrote:
> Hi,
>
> Thanks. I've always heard countless rumors about WPA being wise :) I'll
> take your advice and take a step up in technology. My "stubborn
> conservatism" probably roots back to the time when not all devices could do
> WPA, or at least I had crazy trouble getting things to work. But this
> learned attitude was probably around 2000, which was like a million years
> ago with dinosaurs and stuff. Time for me to finally get with it.
>
> ...

Concerning WEP ./. WPA: From the technical point it is clear, WPA is more secure; but there are other aspects as well; we have had in Germany cases where the WAN IP of the AP appeared as source addr of some kind of crime (access to child porn or whatever) and the AP owner said: I'm using WEP, it was not me, and someone hijacked my AP ... and he/she went home as a free person;

matthias
--
Matthias Apitz
e - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
Re: wireless and/or routing question
On Thu, Jan 12, 2012 at 11:29 PM, Da Rock <freebsd-questi...@herveybayaustralia.com.au> wrote:
> On 01/13/12 17:11, Waitman Gobble wrote:
>> On Thu, Jan 12, 2012 at 10:04 PM, Da Rock <freebsd-questions@herveybayaustralia.com.au> wrote:
>>> On 01/13/12 15:29, Waitman Gobble wrote:
>>>> Hello,
>>>>
>>>> I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup.
>>>>
>>>> I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green "wireless" light appears on netbook )
>>>>
>>>> i am getting the same results with either nic card, and i think i am just missing something simple.
>>>>
>>>> ath0: flags=8843 metric 0 mtu 2290
>>>>         ether 00:24:2b:ad:d6:5f
>>>>         nd6 options=29
>>>>         media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
>>>>         status: associated
>>>>
>>>> wlan0: flags=8843 metric 0 mtu 1500
>>>>         ether 00:24:2b:ad:d6:5f
>>>>         inet 10.0.0.21 netmask 0xff00 broadcast 10.0.0.255
>>>>         nd6 options=29
>>>>         media: IEEE 802.11 Wireless Ethernet OFDM/24Mbps mode 11g
>>>>         status: associated
>>>>         ssid CUDAPANG channel 6 (2437 MHz 11g) bssid 00:22:3f:9b:b8:aa
>>>>         regdomain 101 indoor ecm authmode OPEN privacy ON deftxkey 1
>>>>         wepkey 1:104-bit txpower 20 bmiss 7 scanvalid 60 bgscan
>>>>         bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
>>>>         wme burst
>>>>
>>>> connecting:
>>>>
>>>> ifconfig wlan0 create wlandev ath0
>>>> ifconfig wlan0 up scan
>>>> ifconfig wlan0 inet 10.0.0.21 netmask 255.255.255.0 ssid CUDAPANG wepmode on weptxkey 1 wepkey 1:0x10961323931B628F844360718A
>>>>
>>>> scan results:
>>>>
>>>> p00ntang# ifconfig wlan0 up scan
>>>> SSID/MESH ID    BSSID              CHAN RATE   S:N     INT CAPS
>>>> CUDAPANG        00:22:3f:9a:16:1b    6   54M -69:-93  100 EPS  ATH
>>>> CUDAPANG        00:22:3f:9b:b8:aa    6   54M -68:-93  100 EPS  WME ATH
>>>> Abujie          00:14:6c:7a:98:ec    6   54M -89:-93  100 EPS  RSN WPA ATH TDMA
>>>> chavez family   00:c0:02:11:22:33    6   54M -88:-93  100 EP   HTCAP RSN WME WPS
>>>>
>>>> My machine shows up on the wireless router as a "connected device" w/ correct mac and ip showing
>>>>
>>>> But i cannot ping gw, no machine on lan or outside. (no route to host)
>>>>
>>>> p00ntang# netstat -nr
>>>> Routing tables
>>>>
>>>> Internet:
>>>> Destination        Gateway            Flags    Refs      Use  Netif Expire
>>>> default            10.0.0.1           UGS         0     3338   ale0
>>>> 10.0.0.0/24        link#2             U           0     2405   ale0
>>>> 10.0.0.20          link#2             UHS         0        0    lo0
>>>> 10.0.0.21          link#9             UHS         0        2    lo0
>>>> 127.0.0.1          link#8             UH          0       12    lo0
>>>>
>>>> I do not see "ath0' or wlan0 in the routing table under 'Netif', not sure if that's the problem :)
>>>>
>>>> p00ntang# less /etc/rc.conf
>>>> hostname="p00ntang"
>>>> ifconfig_ale0=" inet 10.0.0.20 netmask 255.255.255.0"
>>>> defaultrouter="10.0.0.1"
>>>> sshd_enable="YES"
>>>> ntpd_enable="YES"
>>>> # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
>>>> dumpdev="NO"
>>>> fusefs_enable="YES"
>>>> hald_enable="YES"
>>>> dbus_enable="YES"
>>>>
Re: wireless and/or routing question
On 01/13/12 17:11, Waitman Gobble wrote:
> On Thu, Jan 12, 2012 at 10:04 PM, Da Rock <freebsd-questi...@herveybayaustralia.com.au> wrote:
>> On 01/13/12 15:29, Waitman Gobble wrote:
>>> Hello,
>>>
>>> I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup.
>>>
>>> I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green "wireless" light appears on netbook )
>>>
>>> i am getting the same results with either nic card, and i think i am just missing something simple.
>>>
>>> ath0: flags=8843 metric 0 mtu 2290
>>>         ether 00:24:2b:ad:d6:5f
>>>         nd6 options=29
>>>         media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
>>>         status: associated
>>>
>>> wlan0: flags=8843 metric 0 mtu 1500
>>>         ether 00:24:2b:ad:d6:5f
>>>         inet 10.0.0.21 netmask 0xff00 broadcast 10.0.0.255
>>>         nd6 options=29
>>>         media: IEEE 802.11 Wireless Ethernet OFDM/24Mbps mode 11g
>>>         status: associated
>>>         ssid CUDAPANG channel 6 (2437 MHz 11g) bssid 00:22:3f:9b:b8:aa
>>>         regdomain 101 indoor ecm authmode OPEN privacy ON deftxkey 1
>>>         wepkey 1:104-bit txpower 20 bmiss 7 scanvalid 60 bgscan
>>>         bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
>>>         wme burst
>>>
>>> connecting:
>>>
>>> ifconfig wlan0 create wlandev ath0
>>> ifconfig wlan0 up scan
>>> ifconfig wlan0 inet 10.0.0.21 netmask 255.255.255.0 ssid CUDAPANG wepmode on weptxkey 1 wepkey 1:0x10961323931B628F844360718A
>>>
>>> scan results:
>>>
>>> p00ntang# ifconfig wlan0 up scan
>>> SSID/MESH ID    BSSID              CHAN RATE   S:N     INT CAPS
>>> CUDAPANG        00:22:3f:9a:16:1b    6   54M -69:-93  100 EPS  ATH
>>> CUDAPANG        00:22:3f:9b:b8:aa    6   54M -68:-93  100 EPS  WME ATH
>>> Abujie          00:14:6c:7a:98:ec    6   54M -89:-93  100 EPS  RSN WPA ATH TDMA
>>> chavez family   00:c0:02:11:22:33    6   54M -88:-93  100 EP   HTCAP RSN WME WPS
>>>
>>> My machine shows up on the wireless router as a "connected device" w/ correct mac and ip showing
>>>
>>> But i cannot ping gw, no machine on lan or outside. (no route to host)
>>>
>>> p00ntang# netstat -nr
>>> Routing tables
>>>
>>> Internet:
>>> Destination        Gateway            Flags    Refs      Use  Netif Expire
>>> default            10.0.0.1           UGS         0     3338   ale0
>>> 10.0.0.0/24        link#2             U           0     2405   ale0
>>> 10.0.0.20          link#2             UHS         0        0    lo0
>>> 10.0.0.21          link#9             UHS         0        2    lo0
>>> 127.0.0.1          link#8             UH          0       12    lo0
>>>
>>> I do not see "ath0' or wlan0 in the routing table under 'Netif', not sure if that's the problem :)
>>>
>>> p00ntang# less /etc/rc.conf
>>> hostname="p00ntang"
>>> ifconfig_ale0=" inet 10.0.0.20 netmask 255.255.255.0"
>>> defaultrouter="10.0.0.1"
>>> sshd_enable="YES"
>>> ntpd_enable="YES"
>>> # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
>>> dumpdev="NO"
>>> fusefs_enable="YES"
>>> hald_enable="YES"
>>> dbus_enable="YES"
>>> moused_enable="YES"
>>> snddetect_enable="YES"
>>> mixer_enable="YES"
>>> avahi_daemon_enable="YES"
>>> ices0_enable="YES"
>>>
>>> p00ntang# grep ath /boot/loader.conf
>>> if_ath_load="YES"
>>> p00ntang# grep wlan /boot/loader.conf
>>> wlan_wep_load="YES"
>>> wlan_ccmp_load="YES"
>>> wlan_tkip_load="YES"
>>>
>>> i've tried /etc/rc.d/routing restart.. no worky :)
>>>
>>> here's my wired connection ifconfig --- wired connection works :)
>>>
>>> ale0: flags=8843 metric 0 mtu 1500
>>>         options=c319a
>>>         ether 00:23:5a:59:e1:e4
>>>         inet 10.0.0.20 netmask 0xff00 broadcast 10.0.0.255
>>>         inet6 fe80::223:5aff:fe59:e1e4%ale0 prefixlen 64 scopeid 0x2
>>>         nd6 options=29
>>>         media: Ethernet autoselect (100baseTX)
>>>         status: active
>>>
>>> any help/suggestions much appreciated!
>>
>> The solution is simple, but I know the frustration well. Your problem is that the route is looking to go through your wired network port; you started the network on the wired and then switched to wifi so the routing needs to change. Run as root: "route change default -interface wlan0" will fix that temporarily.
>>
>> To fix it permanently (better for a laptop situation anyway, I feel), setup a lagg port including ale0 and wlan0. See http://www.freebsd.org/doc/handbook/network-aggregation.html
>>
>> Good luck and happy networking!
>
> Thanks, that's very helpful - seems to be the issue. Getting rid of my ale0 ifconfig spec in rc.conf also seems to solve
Re: wireless and/or routing question
On Thu, Jan 12, 2012 at 10:04 PM, Da Rock <freebsd-questi...@herveybayaustralia.com.au> wrote:
> On 01/13/12 15:29, Waitman Gobble wrote:
>> Hello,
>>
>> I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble with the wireless setup.
>>
>> I have two wireless cards, the BCM94312MCG that came with it, and an Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the windows xp driver, and the Atheros with the ath driver that is installed with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green "wireless" light appears on netbook )
>>
>> i am getting the same results with either nic card, and i think i am just missing something simple.
>>
>> ath0: flags=8843 metric 0 mtu 2290
>>         ether 00:24:2b:ad:d6:5f
>>         nd6 options=29
>>         media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
>>         status: associated
>>
>> wlan0: flags=8843 metric 0 mtu 1500
>>         ether 00:24:2b:ad:d6:5f
>>         inet 10.0.0.21 netmask 0xff00 broadcast 10.0.0.255
>>         nd6 options=29
>>         media: IEEE 802.11 Wireless Ethernet OFDM/24Mbps mode 11g
>>         status: associated
>>         ssid CUDAPANG channel 6 (2437 MHz 11g) bssid 00:22:3f:9b:b8:aa
>>         regdomain 101 indoor ecm authmode OPEN privacy ON deftxkey 1
>>         wepkey 1:104-bit txpower 20 bmiss 7 scanvalid 60 bgscan
>>         bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
>>         wme burst
>>
>> connecting:
>>
>> ifconfig wlan0 create wlandev ath0
>> ifconfig wlan0 up scan
>> ifconfig wlan0 inet 10.0.0.21 netmask 255.255.255.0 ssid CUDAPANG wepmode on weptxkey 1 wepkey 1:0x10961323931B628F844360718A
>>
>> scan results:
>>
>> p00ntang# ifconfig wlan0 up scan
>> SSID/MESH ID    BSSID              CHAN RATE   S:N     INT CAPS
>> CUDAPANG        00:22:3f:9a:16:1b    6   54M -69:-93  100 EPS  ATH
>> CUDAPANG        00:22:3f:9b:b8:aa    6   54M -68:-93  100 EPS  WME ATH
>> Abujie          00:14:6c:7a:98:ec    6   54M -89:-93  100 EPS  RSN WPA ATH TDMA
>> chavez family   00:c0:02:11:22:33    6   54M -88:-93  100 EP   HTCAP RSN WME WPS
>>
>> My machine shows up on the wireless router as a "connected device" w/ correct mac and ip showing
>>
>> But i cannot ping gw, no machine on lan or outside. (no route to host)
>>
>> p00ntang# netstat -nr
>> Routing tables
>>
>> Internet:
>> Destination        Gateway            Flags    Refs      Use  Netif Expire
>> default            10.0.0.1           UGS         0     3338   ale0
>> 10.0.0.0/24        link#2             U           0     2405   ale0
>> 10.0.0.20          link#2             UHS         0        0    lo0
>> 10.0.0.21          link#9             UHS         0        2    lo0
>> 127.0.0.1          link#8             UH          0       12    lo0
>>
>> I do not see "ath0' or wlan0 in the routing table under 'Netif', not sure if that's the problem :)
>>
>> p00ntang# less /etc/rc.conf
>> hostname="p00ntang"
>> ifconfig_ale0=" inet 10.0.0.20 netmask 255.255.255.0"
>> defaultrouter="10.0.0.1"
>> sshd_enable="YES"
>> ntpd_enable="YES"
>> # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
>> dumpdev="NO"
>> fusefs_enable="YES"
>> hald_enable="YES"
>> dbus_enable="YES"
>> moused_enable="YES"
>> snddetect_enable="YES"
>> mixer_enable="YES"
>> avahi_daemon_enable="YES"
>> ices0_enable="YES"
>>
>> p00ntang# grep ath /boot/loader.conf
>> if_ath_load="YES"
>> p00ntang# grep wlan /boot/loader.conf
>> wlan_wep_load="YES"
>> wlan_ccmp_load="YES"
>> wlan_tkip_load="YES"
>>
>> i've tried /etc/rc.d/routing restart.. no worky :)
>>
>> here's my wired connection ifconfig --- wired connection works :)
>>
>> ale0: flags=8843 metric 0 mtu 1500
>>         options=c319a<...,TSO4,WOL_MCAST,WOL_MAGIC,VLAN_HWTSO,LINKSTATE>
>>         ether 00:23:5a:59:e1:e4
>>         inet 10.0.0.20 netmask 0xff00 broadcast 10.0.0.255
>>         inet6 fe80::223:5aff:fe59:e1e4%ale0 prefixlen 64 scopeid 0x2
>>         nd6 options=29
>>         media: Ethernet autoselect (100baseTX)
>>         status: active
>>
>> any help/suggestions much appreci
Re: wireless and/or routing question
On 01/13/12 15:29, Waitman Gobble wrote:
> Hello,
>
> I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble
> with the wireless setup.
>
> I have two wireless cards, the BCM94312MCG that came with it, and an
> Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the
> windows xp driver, and the Atheros with the ath driver that is installed
> with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green
> "wireless" light appears on netbook )
>
> i am getting the same results with either nic card, and i think i am just
> missing something simple.
>
> ath0: flags=8843 metric 0 mtu 2290
>         ether 00:24:2b:ad:d6:5f
>         nd6 options=29
>         media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
>         status: associated
>
> wlan0: flags=8843 metric 0 mtu 1500
>         ether 00:24:2b:ad:d6:5f
>         inet 10.0.0.21 netmask 0xff00 broadcast 10.0.0.255
>         nd6 options=29
>         media: IEEE 802.11 Wireless Ethernet OFDM/24Mbps mode 11g
>         status: associated
>         ssid CUDAPANG channel 6 (2437 MHz 11g) bssid 00:22:3f:9b:b8:aa
>         regdomain 101 indoor ecm authmode OPEN privacy ON deftxkey 1
>         wepkey 1:104-bit txpower 20 bmiss 7 scanvalid 60 bgscan
>         bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
>         wme burst
>
> connecting:
>
> ifconfig wlan0 create wlandev ath0
> ifconfig wlan0 up scan
> ifconfig wlan0 inet 10.0.0.21 netmask 255.255.255.0 ssid CUDAPANG wepmode on weptxkey 1 wepkey 1:0x10961323931B628F844360718A
>
> scan results:
>
> p00ntang# ifconfig wlan0 up scan
> SSID/MESH ID    BSSID              CHAN RATE   S:N     INT CAPS
> CUDAPANG        00:22:3f:9a:16:1b    6   54M  -69:-93  100 EPS  ATH
> CUDAPANG        00:22:3f:9b:b8:aa    6   54M  -68:-93  100 EPS  WME ATH
> Abujie          00:14:6c:7a:98:ec    6   54M  -89:-93  100 EPS  RSN WPA ATH TDMA
> chavez family   00:c0:02:11:22:33    6   54M  -88:-93  100 EP   HTCAP RSN WME WPS
>
> My machine shows up on the wireless router as a "connected device" w/
> correct mac and ip showing
>
> But i cannot ping gw, no machine on lan or outside. (no route to host)
>
> p00ntang# netstat -nr
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            10.0.0.1           UGS         0     3338   ale0
> 10.0.0.0/24        link#2             U           0     2405   ale0
> 10.0.0.20          link#2             UHS         0        0    lo0
> 10.0.0.21          link#9             UHS         0        2    lo0
> 127.0.0.1          link#8             UH          0       12    lo0
>
> I do not see "ath0' or wlan0 in the routing table under 'Netif', not sure
> if that's the problem :)
>
> p00ntang# less /etc/rc.conf
> hostname="p00ntang"
> ifconfig_ale0=" inet 10.0.0.20 netmask 255.255.255.0"
> defaultrouter="10.0.0.1"
> sshd_enable="YES"
> ntpd_enable="YES"
> # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
> dumpdev="NO"
> fusefs_enable="YES"
> hald_enable="YES"
> dbus_enable="YES"
> moused_enable="YES"
> snddetect_enable="YES"
> mixer_enable="YES"
> avahi_daemon_enable="YES"
> ices0_enable="YES"
>
> p00ntang# grep ath /boot/loader.conf
> if_ath_load="YES"
> p00ntang# grep wlan /boot/loader.conf
> wlan_wep_load="YES"
> wlan_ccmp_load="YES"
> wlan_tkip_load="YES"
>
> i've tried /etc/rc.d/routing restart.. no worky :)
>
> here's my wired connection ifconfig --- wired connection works :)
>
> ale0: flags=8843 metric 0 mtu 1500
>         options=c319a
>         ether 00:23:5a:59:e1:e4
>         inet 10.0.0.20 netmask 0xff00 broadcast 10.0.0.255
>         inet6 fe80::223:5aff:fe59:e1e4%ale0 prefixlen 64 scopeid 0x2
>         nd6 options=29
>         media: Ethernet autoselect (100baseTX)
>         status: active
>
> any help/suggestions much appreciated!

The solution is simple, but I know the frustration well. Your problem is that the route is looking to go through your wired network port; you started the network on the wired and then switched to wifi, so the routing needs to change.

Run as root: "route change default -interface wlan0" will fix that temporarily.

To fix it permanently (better for a laptop situation anyway, I feel), set up a lagg port including ale0 and wlan0. See http://www.freebsd.org/doc/handbook/network-aggregation.html

Good luck and happy networking!
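The diagnosis above (default route leaving via ale0 while the wireless interface is wlan0) can be read straight out of the routing table. The script below is an added example, not code from the thread: it locates the Netif column of the IPv4 default route in `netstat -nr` output and compares it with the interface you expect, printing the one-off `route change` fix from the reply when they differ. The sample table is a constructed copy of the one Waitman posted; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: read the IPv4 default route's interface
# out of `netstat -nr` output and compare it with the interface you want
# traffic to leave on. Function names are this example's own.

# Constructed sample: the routing table posted in the thread (FreeBSD 9 layout).
SAMPLE_NETSTAT='Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.1           UGS         0     3338   ale0
10.0.0.0/24        link#2             U           0     2405   ale0
10.0.0.20          link#2             UHS         0        0    lo0
10.0.0.21          link#9             UHS         0        2    lo0
127.0.0.1          link#8             UH          0       12    lo0

Internet6:
Destination        Gateway            Flags    Netif Expire
::1                ::1                UH       lo0'

# default_route_if NETSTAT_TEXT
# Prints the Netif of the IPv4 default route, or nothing if there is none.
# The Netif column is located from the header line, so this works whether or
# not the Refs/Use columns are present (they vanish in newer FreeBSD releases).
default_route_if() {
    printf '%s\n' "$1" | awk '
        /^Internet6:/ { exit }                       # stop before the IPv6 table
        /Netif/ { for (i = 1; i <= NF; i++) if ($i == "Netif") col = i; next }
        $1 == "default" && col { print $col; exit }
    '
}

# check_default_via EXPECTED_IF NETSTAT_TEXT
# Returns 0 when the default route already leaves via EXPECTED_IF; otherwise
# prints the one-off fix from the thread and returns 1.
check_default_via() {
    expected=$1
    actual=$(default_route_if "$2")
    if [ "$actual" = "$expected" ]; then
        echo "default route already via $expected"
        return 0
    fi
    echo "default route via '${actual:-none}', expected $expected"
    echo "temporary fix (as root): route change default -interface $expected"
    return 1
}

# On a live box: check_default_via wlan0 "$(netstat -nr)"
# Demo on the posted table: the default goes out ale0, not wlan0.
check_default_via wlan0 "$SAMPLE_NETSTAT" || :
```

The check only reports and never changes a route itself; the `route change` line it prints is the same temporary fix the reply gives, and the permanent lagg setup from the handbook link still applies.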
Re: wireless and/or routing question
On Thu, Jan 12, 2012 at 9:29 PM, Waitman Gobble wrote:
> Hello,
>
> I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble
> with the wireless setup.
>

Hi, update- i noticed if i start routed it complains...

p00ntang# routed
p00ntang# routed: wlan0 (10.0.0.21/24) is duplicated by ale0 (10.0.0.20/24)

so i tried shutting off ale0... now i can ping gw but still no luck getting outside. :(

p00ntang# ifconfig ale0 down
p00ntang# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=3.381 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=2.499 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=2.893 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.499/2.924/3.381/0.361 ms
p00ntang# ping google.com
PING google.com (74.125.224.116): 56 data bytes
ping: sendto: Network is down

Now I feel like i "need to go back to networking school 101". lol. If anyone has a hint to solve my routing situation I'd really appreciate it!

Thanks,

Waitman Gobble
San Jose California USA
wireless and/or routing question
Hello,

I am running 9.0-RC3 i386 on an Acer Aspire One D150. i am having trouble
with the wireless setup.

I have two wireless cards, the BCM94312MCG that came with it, and an
Atheros 5424/2424 that i swapped out. I can run the BCM with ndis and the
windows xp driver, and the Atheros with the ath driver that is installed
with FreeBSD. (But BCM/ndis is noticeably much slower, Atheros - no green
"wireless" light appears on netbook )

i am getting the same results with either nic card, and i think i am just
missing something simple.

ath0: flags=8843 metric 0 mtu 2290
        ether 00:24:2b:ad:d6:5f
        nd6 options=29
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
        status: associated

wlan0: flags=8843 metric 0 mtu 1500
        ether 00:24:2b:ad:d6:5f
        inet 10.0.0.21 netmask 0xff00 broadcast 10.0.0.255
        nd6 options=29
        media: IEEE 802.11 Wireless Ethernet OFDM/24Mbps mode 11g
        status: associated
        ssid CUDAPANG channel 6 (2437 MHz 11g) bssid 00:22:3f:9b:b8:aa
        regdomain 101 indoor ecm authmode OPEN privacy ON deftxkey 1
        wepkey 1:104-bit txpower 20 bmiss 7 scanvalid 60 bgscan
        bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
        wme burst

connecting:

ifconfig wlan0 create wlandev ath0
ifconfig wlan0 up scan
ifconfig wlan0 inet 10.0.0.21 netmask 255.255.255.0 ssid CUDAPANG wepmode on weptxkey 1 wepkey 1:0x10961323931B628F844360718A

scan results:

p00ntang# ifconfig wlan0 up scan
SSID/MESH ID    BSSID              CHAN RATE   S:N     INT CAPS
CUDAPANG        00:22:3f:9a:16:1b    6   54M  -69:-93  100 EPS  ATH
CUDAPANG        00:22:3f:9b:b8:aa    6   54M  -68:-93  100 EPS  WME ATH
Abujie          00:14:6c:7a:98:ec    6   54M  -89:-93  100 EPS  RSN WPA ATH TDMA
chavez family   00:c0:02:11:22:33    6   54M  -88:-93  100 EP   HTCAP RSN WME WPS

My machine shows up on the wireless router as a "connected device" w/
correct mac and ip showing

But i cannot ping gw, no machine on lan or outside. (no route to host)

p00ntang# netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.1           UGS         0     3338   ale0
10.0.0.0/24        link#2             U           0     2405   ale0
10.0.0.20          link#2             UHS         0        0    lo0
10.0.0.21          link#9             UHS         0        2    lo0
127.0.0.1          link#8             UH          0       12    lo0

I do not see "ath0' or wlan0 in the routing table under 'Netif', not sure
if that's the problem :)

p00ntang# less /etc/rc.conf
hostname="p00ntang"
ifconfig_ale0=" inet 10.0.0.20 netmask 255.255.255.0"
defaultrouter="10.0.0.1"
sshd_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
fusefs_enable="YES"
hald_enable="YES"
dbus_enable="YES"
moused_enable="YES"
snddetect_enable="YES"
mixer_enable="YES"
avahi_daemon_enable="YES"
ices0_enable="YES"

p00ntang# grep ath /boot/loader.conf
if_ath_load="YES"
p00ntang# grep wlan /boot/loader.conf
wlan_wep_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"

i've tried /etc/rc.d/routing restart.. no worky :)

here's my wired connection ifconfig --- wired connection works :)

ale0: flags=8843 metric 0 mtu 1500
        options=c319a
        ether 00:23:5a:59:e1:e4
        inet 10.0.0.20 netmask 0xff00 broadcast 10.0.0.255
        inet6 fe80::223:5aff:fe59:e1e4%ale0 prefixlen 64 scopeid 0x2
        nd6 options=29
        media: Ethernet autoselect (100baseTX)
        status: active

any help/suggestions much appreciated!

Thank you,

Waitman Gobble
San Jose California USA
Re: Routing Woes
On Sat, Sep 3, 2011 at 8:16 PM, Monkeyfoahead wrote:
> I have a question that I thought that you could probably answer. I
> have setup a freebsd seedbox in my apartment. This box has two internet
> connections (multi-homed server.). One is an ethernet connection behind a
> firewall that is connected to a Comcast modem. The other is my apartment's
> wifi. I desire to use the wifi for torrenting and my connection for
> http, ftp, and ssh access. The proper ports have been forwarded to the
> freebsd server from the firewall on the Comcast connection. My problem is
> when the default route is set to go over the wifi, i cannot access the
> server from the comcast modem address. When my default route is set to go
> over the modem, my server is accessible to the outside world.
>
> Due to the nature of the torrent-daemon i am using, I must have the default
> route go over the wifi connection. Is there a route i can add that will fix
> my problem?
>

I believe you'll want to use fib's, eg setfib(1), and assign your torrent client to use the fib associated with your wifi.

-- 
Adam Vande More
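The setfib(1) suggestion above works because FreeBSD can keep several routing tables (FIBs) and start a process in a non-default one. The script below is an added example, not code from the thread or from FreeBSD itself: it lays out the steps as a printed plan and applies the two route commands only on FreeBSD, as root, and only when the kernel really has more than one FIB. The wifi gateway and interface names come from Jordan's posted output; the Comcast-side gateway (WIRED_GW) never appears in the thread and is an assumption, and TORRENT_CMD is a placeholder path. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: keep two routing tables (FIBs) so that
# only the torrent daemon uses the wifi default route while the box keeps
# answering Comcast-side connections through fxp0.

WIRED_GW=10.0.1.1                     # ASSUMED: the firewall on the fxp0 segment
WIFI_GW=1.1.3.1                       # from the posted routing table (wlan0)
WIFI_FIB=1                            # FIB 0 stays the system default table
TORRENT_CMD=/usr/local/bin/torrent-daemon   # PLACEHOLDER: the daemon to isolate

# fib_plan: print the steps, one per line; nothing is executed.
fib_plan() {
    cat <<EOF
# 1. the kernel allocates its routing tables at boot, so this needs a reboot
#    (line for /boot/loader.conf): net.fibs=$((WIFI_FIB + 1))
# 2. FIB 0 answers Comcast-side connections the way they came in
route -n change default $WIRED_GW
# 3. FIB $WIFI_FIB sends everything started under setfib $WIFI_FIB out the wifi
setfib $WIFI_FIB route -n add default $WIFI_GW
# 4. only the torrent daemon lives in FIB $WIFI_FIB
setfib $WIFI_FIB $TORRENT_CMD
EOF
}

# fib_apply: run steps 2 and 3, but only on FreeBSD, as root, and only once
# the kernel really has more than one FIB (otherwise setfib fails).
fib_apply() {
    [ "$(uname -s)" = FreeBSD ] || { echo "not FreeBSD, nothing done"; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "must run as root"; return 1; }
    fibs=$(sysctl -n net.fibs)
    if [ "$fibs" -le "$WIFI_FIB" ]; then
        echo "net.fibs=$fibs; set net.fibs=$((WIFI_FIB + 1)) in /boot/loader.conf and reboot"
        return 1
    fi
    route -n change default "$WIRED_GW" &&
    setfib "$WIFI_FIB" route -n add default "$WIFI_GW"
}

fib_plan
```

Only the default route is added per FIB: with net.add_addr_allfibs left at its default of 1 on the FreeBSD releases of that time, the directly connected routes (10.0.1.0/24 on fxp0, 1.1.3.0/24 on wlan0) are copied into every FIB when the addresses are configured. Inbound connections from the Comcast side are answered by sshd/httpd in FIB 0, whose default route points back at the firewall, so the reachability problem described in the question goes away without moving the torrent daemon's traffic off the wifi.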
Routing Woes
I have a question that I thought that you could probably answer. I have setup a freebsd seedbox in my apartment. This box has two internet connections (multi-homed server.). One is an ethernet connection behind a firewall that is connected to a Comcast modem. The other is my apartment's wifi. I desire to use the wifi for torrenting and my connection for http, ftp, and ssh access. The proper ports have been forwarded to the freebsd server from the firewall on the Comcast connection. My problem is when the default route is set to go over the wifi, i cannot access the server from the comcast modem address. When my default route is set to go over the modem, my server is accessible to the outside world.

Due to the nature of the torrent-daemon i am using, I must have the default route go over the wifi connection. Is there a route i can add that will fix my problem?

Thanks for your help.

Jordan

ifconfig output:

fxp0: flags=8843 metric 0 mtu 1500
        options=2009
        ether 00:12:3f:a4:59:ef
        inet 10.0.1.5 netmask 0xff00 broadcast 10.0.1.255
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 metric 0 mtu 16384
        options=3
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff00
        nd6 options=3
wlan0: flags=8843 metric 0 mtu 1500
        ether 00:1e:e5:ff:1d:49
        inet 1.1.3.153 netmask 0xff00 broadcast 1.1.3.255
        media: IEEE 802.11 Wireless Ethernet DS/11Mbps mode 11g
        status: associated
        ssid "Elms D South" channel 9 (2452 MHz 11g) bssid 00:16:01:59:e4:c0
        regdomain FCC indoor ecm authmode OPEN privacy ON deftxkey 1
        wepkey 1:40-bit txpower 27 bmiss 7 scanvalid 450 bgscan
        bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
        wme burst roaming MANUAL

The box's routing table is as follows:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            1.1.3.1            UGS      2245   253352  wlan0   < Wireless
1.1.3.0/24         link#5             U           1      421  wlan0
1.1.3.153          link#5             UHS         0        0    lo0
10.0.1.0/24        link#2             U           2     6098   fxp0
10.0.1.5           link#2             UHS         0        0    lo0   <- Comcast
127.0.0.1          link#4             UH          0       34    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UH          lo0
fe80::%lo0/64                     link#4                        U           lo0
fe80::1%lo0                       link#4                        UHS         lo0
ff01:4::/32                       fe80::1%lo0                   U           lo0
ff02::%lo0/32                     fe80::1%lo0                   U           lo0
Re: Re: IPSec routing (long post)
From : claudiu vasadi
To : jh...@socket.net
Subject : Re: IPSec routing (long post)
Date : Sat, 21 May 2011 18:45:07 +0200

Some additional points:
> - have you been following the FreeBSD handbook on this ? ->
>   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
> - pls post your ifconfig interface settings
> - you can use "tcpdump" to sniff traffic off of your "real" network
>   interface (tcpdump (-v) -i host and dst )
> - do you have "options IPSEC" and "device crypto" in your kernel ?

My understanding is the handbook was using tunnel mode to connect the networks, and I am using transport mode. Are these the same, and am I misunderstanding what I am reading?

Jay
IPSec routing (long post)
Ladies and Gentlemen,

First, please excuse this extremely long post. I have tried to include all of the information I thought was relevant, and may have included too much.

I have established an IPSec connection to our vendor using transport mode. However, I am having problems successfully routing the traffic. We are using a preshared key for authentication. The connection is successfully made. My vendor has verified they are able to see the connection up on their router and I am able to see a successful connection when running racoon in the foreground.

I am running FBSD 8.1. My external IP address is 1.2.3.4 and the vendor's is 5.6.7.8. The default gateway on my system is 1.2.3.5. My internal IP address range is 192.168.1.0/24 and the vendor's is 192.168.2.0//24.

Following is what I have done/tried.

Following are my entries in racoon.conf. I have not changed any of the default settings for padding/spacing/etc.

remote 5.6.7.8 {
        exchange_mode main,aggressive;
        doi ipsec_doi;
        situation identity_only;
        my_identifier address 1.2.3.4;
        proposal_check obey;    # obey, strict, or claim
        lifetime time 86400 secs;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo address 192.168.1.024 any address 192.168.2.0/24 any {
        pfs_group 2;
        encryption_algorithm 3des;
        lifetime time 3600 secs;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

sainfo address 192.168.2.0/24 any address 192.168.1.024 any {
        pfs_group 2;
        encryption_algorithm 3des;
        lifetime time 3600 secs;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

sainfo address 1.2.3.4/32 any address 192.168.2.0/24 any {
        pfs_group 2;
        encryption_algorithm 3des;
        lifetime time 3600 secs;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

sainfo address 192.168.2.0/24 any address 65.1117.48.155/32 any {
        pfs_group 2;
        encryption_algorithm 3des;
        lifetime time 3600 secs;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

sainfo address 1.2.3.4/32 any address 5.6.7.8 any {
        pfs_group 2;
        encryption_algorithm 3des;
        lifetime time 3600 secs;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

sainfo address 1.2.3.4/32 any address 5.6.7.8 any {
        pfs_group 2;
        encryption_algorithm 3des;
        lifetime time 3600 secs;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

sainfo address 5.6.7.8/32 any address 1.2.3.4/32 any {
        pfs_group 2;
        encryption_algorithm 3des;
        lifetime time 3600 secs;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

sainfo address 192.168.1.024 any address 5.6.7.8 any {
        pfs_group 2;
        encryption_algorithm 3des;
        lifetime time 3600 secs;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

sainfo address 192.168.1.024 any address 5.6.7.8 any {
        pfs_group 2;
        encryption_algorithm 3des;
        lifetime time 3600 secs;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

The following entries are made using setkey.

flush;
spdflush;

spdadd 1.2.3.4/32 5.6.7.8/32 any -P out ipsec esp/tunnel/1.2.3.4-5.6.7.8/require;
spdadd 192.168.1.0/24 192.168.2.0//24 any -P out ipsec esp/transport/1.2.3.4-5.6.7.8/require;
spdadd 1.2.3.4/32 192.168.2.0//24 any -P out ipsec esp/transport/1.2.3.4-5.6.7.8/require;
spdadd 192.168.1.0/24 5.6.7.8 any -P out ipsec esp/transport/1.2.3.4-5.6.7.8/require;

spdadd 5.6.7.8/32 1.2.3.4/32 any -P in ipsec esp/tunnel/5.6.7.8-1.2.3.4/require;
spdadd 192.168.2.0//24 192.168.1.0/24 any -P in ipsec esp/transport/5.6.7.8-1.2.3.4/require;
spdadd 192.168.2.0//24 1.2.3.4/32 any -P in ipsec esp/transport/5.6.7.8-1.2.3.4/require;
spdadd 5.6.7.8/32 192.168.1.0/24 any -P in ipsec esp/transport/5.6.7.8-1.2.3.4/require;

Using setkey -DP all of the entries have been made.

I see the following in the log which indicates, to me anyway, the proper policy has been applied.

2011-05-21 10:10:29: DEBUG: suitable inbound SP found: 192.168.2.0/24[0] 1.2.3.4/32[0] proto=any dir=in.
2011-05-21 10:10:29: DEBUG: new acquire 1.2.3.4/32[0] 192.168.2.0/24[0] proto=any dir=out
2011-05-21 10:10:29: DEBUG: configuration found for 5.6.7.8.
2011-05-21 10:10:29: DEBUG: getsainfo params: loc='1.2.3.4', rmt='192.168.2.0/24', peer='NULL', id=0
2011-05-21 10:10:29: DEBUG: getsainfo pass #2
2011-05-21 10:10:29: DEBUG: evaluating sainfo: loc='ANONYMOUS', rmt='ANONYMOUS', peer='ANY', id=0
201
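The question Jay raises in his follow-up (tunnel mode versus transport mode) is exactly what decides whether the policies above can work: in transport mode the ESP header sits inside the original packet, so the SA endpoints must be the packet's own source and destination; traffic between 192.168.1.0/24 and 192.168.2.0/24 that is protected between the two gateways 1.2.3.4 and 5.6.7.8 needs tunnel mode. The script below is an added example, not code from the thread or from setkey(8): a small lint that parses `spdadd` lines, rejects selectors that are not valid `a.b.c.d[/N]` prefixes (the `//24` and missing-slash forms above would never match the intended subnets), and flags transport-mode policies whose selectors are not the SA endpoints themselves. The sample policies are a constructed copy of four lines from the post; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: a small lint for setkey(8) spdadd
# policies. It flags selectors that are not valid a.b.c.d[/N] prefixes and
# transport-mode policies whose selectors are not the SA endpoints themselves.
# Function names are this example's own.

# Constructed sample: four of the policies posted in the thread.
SAMPLE_SPD='spdadd 1.2.3.4/32 5.6.7.8/32 any -P out ipsec esp/tunnel/1.2.3.4-5.6.7.8/require;
spdadd 192.168.1.0/24 192.168.2.0//24 any -P out ipsec esp/transport/1.2.3.4-5.6.7.8/require;
spdadd 192.168.1.0/24 5.6.7.8 any -P out ipsec esp/transport/1.2.3.4-5.6.7.8/require;
spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/1.2.3.4-5.6.7.8/require;'

# valid_prefix ADDR -> 0 if ADDR is a dotted quad, optionally followed by /0../32
valid_prefix() {
    addr=${1%%/*}
    rest=${1#"$addr"}
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    n=0
    oldifs=$IFS; IFS=.
    for octet in $addr; do
        n=$((n + 1))
        [ "$octet" -le 255 ] 2>/dev/null || { IFS=$oldifs; return 1; }
    done
    IFS=$oldifs
    [ "$n" -eq 4 ] || return 1
    case $rest in
        '')  return 0 ;;
        /*)  plen=${rest#/}
             case $plen in ''|*[!0-9]*) return 1 ;; esac
             [ "$plen" -le 32 ] ;;
        *)   return 1 ;;
    esac
}

# lint_spd POLICY_TEXT
# Prints one line per finding; returns the number of findings (0 = clean) and
# leaves it in SPD_FINDINGS as well.
lint_spd() {
    SPD_FINDINGS=0
    while IFS= read -r line; do
        line=${line%;}
        set -- $line
        [ "${1:-}" = spdadd ] || continue
        # spdadd SRC DST UPPERSPEC -P DIR ipsec PROTO/MODE/SASRC-SADST/LEVEL
        src=$2; dst=$3; dir=$6; policy=$8
        for sel in "$src" "$dst"; do
            valid_prefix "$sel" || {
                echo "bad selector '$sel' (-P $dir): expected a.b.c.d or a.b.c.d/N"
                SPD_FINDINGS=$((SPD_FINDINGS + 1))
            }
        done
        oldifs=$IFS; IFS=/; set -- $policy; IFS=$oldifs
        mode=$2; sa=$3
        sa_src=${sa%-*}; sa_dst=${sa#*-}
        if [ "$mode" = transport ] &&
           { [ "${src%/32}" != "$sa_src" ] || [ "${dst%/32}" != "$sa_dst" ]; }; then
            echo "transport mode only protects $sa_src <-> $sa_dst itself;" \
                 "$src -> $dst (-P $dir) needs esp/tunnel/$sa/require"
            SPD_FINDINGS=$((SPD_FINDINGS + 1))
        fi
    done <<EOF
$1
EOF
    return $SPD_FINDINGS
}

# Demo on the posted policies: line 1 and line 4 are clean, lines 2 and 3 are not.
lint_spd "$SAMPLE_SPD" || :
```

Run it over the `setkey -DP` dump or the policy file before loading it; a clean run returns 0. The tunnel-mode hint it prints is the form the FreeBSD handbook uses for gateway-to-gateway setups and matches the reply's suggestion to compare against the handbook.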
Re: OpenVPN routing
On Wednesday 27 of April 2011 01:15:09, Ryan Coleman wrote:
> Maciej,
> Here you go:
> Ryan-Colemans-MacBook-Pro:~ ryanjcole$ netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags        Refs      Use   Netif Expire
> default            10.0.1.1           UGSc           61        0     en1
> 10.0.1/24          link#5             UCS             3        0     en1
> 10.0.1.1           0:23:12:f7:37:cc   UHLWI          89     1268     en1   1142
> 10.0.1.2           0:14:d1:1f:79:1b   UHLWI           0      837     en1    183
> 10.0.1.198         127.0.0.1          UHS             0        0     lo0
> 10.0.1.255         ff:ff:ff:ff:ff:ff  UHLWbI          0        6     en1
> 127                127.0.0.1          UCS             0        0     lo0
> 127.0.0.1          127.0.0.1          UH              2       75     lo0
> 169.254            link#5             UCS             0        0     en1
> 172.16.87/24       link#7             UC              1        0  vmnet1
> 172.16.87.255      ff:ff:ff:ff:ff:ff  UHLWbI          0        3  vmnet1
> 192.168.46         192.168.47.2       UGSc            0        0    tap0
> 192.168.47         link#10            UC              1        0    tap0
> 192.168.47.2       link#10            UHLWI           1        0    tap0

And this is with tap interfaces - I think it won't work. Don't use bridge mode if you have two subnets of /24. I saw examples that it would work only if you make one subnet accessible to both: local network and vpn network. Change your configuration from bridged to routed or change your vpn addressing space.

If you'll go the routed way you may try this:
http://www.secure-computing.net/wiki/index.php/FreeBSD_OpenVPN_Server/Routed

-- 
Maciej Milewski
Re: OpenVPN routing
On Apr 26, 2011, at 9:07 AM, Diego Arias wrote:
>
> If you need to route LAN - TO - LAN just enable the client-to-client. It's a
> security feature of OpenVPN
>
> http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing
>

I've done that and it had no effect :-\
Re: OpenVPN routing
On Apr 26, 2011, at 3:50 PM, Ryan Coleman wrote:
> On Apr 26, 2011, at 9:53 AM, Maciej Milewski wrote:
>
>> On Tuesday 26 of April 2011 15:45:22, Ryan Coleman wrote:
>>> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2)
>>> from the remote machine.
>> ...
>>> push "route 192.168.47.0 255.255.255.0"
>>
>> Have you tried adding the route to 192.168.46.0/24 subnet into the vpn
>> client?
>>
>> You want to ping the host/interface on different subnet. If you don't set
>> the routing to this subnet how your client should know that he needs to put
>> that packet through tap interface not defaultroute which I suspect is
>> different?
>>
>> Can you show the output of netstat -rn of the vpn client?
>>
>> You may try to look into tcpdump on the vpn router to find what is going
>> with your packets. And for such scenario like vpnclient->vpnserver->network
>> you may even not need nat, just simple routing will be enough as long as you
>> set it up right.
>>
>> My setup is based on tun interfaces and works like a charm. I don't use nat
>> and I only added routing info to the specific routers in the internal
>> networks.
>>
>> Maciej Milewski
>
> I'm going to have to get this information when I get home and am not on the
> office LAN. I can do ping tests specifically through the tap0 interface but
> not check the netstat report properly from inside the network.

Maciej,

Here you go:

Ryan-Colemans-MacBook-Pro:~ ryanjcole$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.0.1.1           UGSc           61        0     en1
10.0.1/24          link#5             UCS             3        0     en1
10.0.1.1           0:23:12:f7:37:cc   UHLWI          89     1268     en1   1142
10.0.1.2           0:14:d1:1f:79:1b   UHLWI           0      837     en1    183
10.0.1.198         127.0.0.1          UHS             0        0     lo0
10.0.1.255         ff:ff:ff:ff:ff:ff  UHLWbI          0        6     en1
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              2       75     lo0
169.254            link#5             UCS             0        0     en1
172.16.87/24       link#7             UC              1        0  vmnet1
172.16.87.255      ff:ff:ff:ff:ff:ff  UHLWbI          0        3  vmnet1
192.168.46         192.168.47.2       UGSc            0        0    tap0
192.168.47         link#10            UC              1        0    tap0
192.168.47.2       link#10            UHLWI           1        0    tap0

Internet6:
Destination                             Gateway                         Flags         Netif Expire
::1                                     ::1                             UH              lo0
fe80::%lo0/64                           fe80::1%lo0                     Uc              lo0
fe80::1%lo0                             link#1                          UHL             lo0
fe80::%en1/64                           link#5                          UC              en1
fe80::224:36ff:fea1:1d68%en1            0:24:36:a1:1d:68                UHLW            en1
fe80::9227:e4ff:fef8:b2fb%en1           90:27:e4:f8:b2:fb               UHL             lo0
ff01::/32                               ::1                             Um              lo0
ff02::/32                               ::1                             UmC             lo0
ff02::/32                               link#5                          UmC             en1

Ryan-Colemans-MacBook-Pro:~ ryanjcole$ ping 192.168.46.2
PING 192.168.46.2 (192.168.46.2): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Re: OpenVPN routing
On Apr 26, 2011, at 9:53 AM, Maciej Milewski wrote:

> On Tuesday 26 of April 2011 15:45:22, Ryan Coleman wrote:
>> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2)
>> from the remote machine.
> ...
>> push "route 192.168.47.0 255.255.255.0"
>
> Have you tried adding the route to 192.168.46.0/24 subnet into the vpn client?
>
> You want to ping the host/interface on different subnet. If you don't set the
> routing to this subnet how your client should know that he needs to put that
> packet through tap interface not defaultroute which I suspect is different?
>
> Can you show the output of netstat -rn of the vpn client?
>
> You may try to look into tcpdump on the vpn router to find what is going with
> your packets. And for such scenario like vpnclient->vpnserver->network you may
> even not need nat, just simple routing will be enough as long as you set it up
> right.
>
> My setup is based on tun interfaces and works like a charm. I don't use nat
> and I only added routing info to the specific routers in the internal
> networks.
>
> Maciej Milewski

I'm going to have to get this information when I get home and am not on the office LAN. I can do ping tests specifically through the tap0 interface but not check the netstat report properly from inside the network.

-- 
Ryan
Re: OpenVPN routing
On Tuesday 26 of April 2011 15:45:22, Ryan Coleman wrote:
> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine.
...
> push "route 192.168.47.0 255.255.255.0"

Have you tried adding the route to 192.168.46.0/24 subnet into the vpn client?

You want to ping the host/interface on different subnet. If you don't set the routing to this subnet how your client should know that he needs to put that packet through tap interface not defaultroute which I suspect is different?

Can you show the output of netstat -rn of the vpn client?

You may try to look into tcpdump on the vpn router to find what is going with your packets. And for such scenario like vpnclient->vpnserver->network you may even not need nat, just simple routing will be enough as long as you set it up right.

My setup is based on tun interfaces and works like a charm. I don't use nat and I only added routing info to the specific routers in the internal networks.

Maciej Milewski
Re: OpenVPN routing
On Tue, Apr 26, 2011 at 8:45 AM, Ryan Coleman wrote:
>
> On Apr 26, 2011, at 8:32 AM, Nathan Vidican wrote:
>
> > On Mon, Apr 25, 2011 at 10:36 PM, Ryan Coleman wrote:
> >>
> >> I've got an OpenVPN connection working to my remote server, but I want
> >> to route the traffic to the local LAN.
> >>
> >> I have a bridge set up, pingable... but can't ping the em1
> >> (192.168.46.2) from the remote machine.
> >>
> >> Server.conf:
> >> local 192.168.46.2
> >> port 1194
> >> proto udp
> >> dev tap
> >> ca keys/cacert.pem
> >> cert keys/server.crt
> >> key keys/server.key # This file should be kept secret
> >> dh keys/dh1024.pem
> >> # Don't put this in the keys directory unless user nobody can read it
> >> crl-verify keys/crl.pem
> >> #Make sure this is your tunnel address pool
> >> server 192.168.47.0 255.255.255.0
> >> ifconfig-pool-persist ipp.txt
> >> #This is the route to push to the client, add more if necessary
> >> #push "route 192.168.46.254 255.255.255.0"
> >> push "route 192.168.47.0 255.255.255.0"
> >> push "dhcp-option DNS 192.168.45.10"
> >> keepalive 10 120
> >> cipher BF-CBC #Blowfish encryption
> >> comp-lzo
> >> #fragment
> >> user nobody
> >> group nobody
> >> persist-key
> >> persist-tun
> >> status openvpn-status.log
> >> verb 6
> >> mute 5
> >>
> >>
> >> client.conf:
> >> #Begin client.conf
> >> client
> >> dev tap
> >> proto udp
> >> remote sub.domain.ltd 1194
> >> nobind
> >> user nobody
> >> group nobody
> >> persist-key
> >> persist-tun
> >> #crl-verify
> >> #remote-cert-tls server
> >> ca keys/cacert.pem
> >> cert keys/ryanc.crt
> >> key keys/ryanc.key
> >> cipher BF-CBC
> >> comp-lzo
> >> verb 3
> >> mute 20
> >>
> >> Any ideas? As I said, I can talk to the remote server, but not the
> >> local LAN.
> >>
> >> To throw a new curveball in the mix, I'd like to talk to
> >> 192.168.45.0/24 - which we have another VPN connecting the two networks
> >> (not running on a VPN I can do much with).
> >
> >
> > Do you have packet forwarding (routing /gateway) enabled? An
> > all-important, yet sometimes forgotten step...
> > check if:
> >
> > sysctl net.inet.ip.forwarding
> >
> > returns 1 for enabled or not. You can enable it right away by setting
> > to 1, and/or view the instructions in the handbook for greater detail
> > including how to set as a startup option as well:
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html
>
> Yes, it is enabled.
>
> And Maciej, I had server-bridge running before and it wasn't routing ICMP,
> nor anything else.
>
> I have ipnat enabled - as was recommended by one guide - and am routing
> everything from 192.168.47.0/24 to 0.0.0.0/32 (I'm not well versed on this
> specific area but that seems like it should be 0/0, right?)
>
> Relevant rc.conf:
> defaultrouter="192.168.46.254"
> hostname="nbserver1.allstatecom.local"
> ifconfig_em0="inet 192.168.46.2 netmask 255.255.255.0"
> openvpn_enable="YES"
> openvpn_configfile="/usr/local/etc/openvpn/server.conf"
> gateway_enable="YES"
> ipnat_enable="YES"
>
> Thanks again,
> Ryan
>

If you need to route LAN - TO - LAN just enable the client-to-client. It's a security feature of OpenVPN

http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing

-- 
Still Going Strong!!!
Re: OpenVPN routing
On Apr 26, 2011, at 8:32 AM, Nathan Vidican wrote:

> On Mon, Apr 25, 2011 at 10:36 PM, Ryan Coleman wrote:
>>
>> I've got an OpenVPN connection working to my remote server, but I want to
>> route the traffic to the local LAN.
>>
>> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2)
>> from the remote machine.
>>
>> Server.conf:
>> local 192.168.46.2
>> port 1194
>> proto udp
>> dev tap
>> ca keys/cacert.pem
>> cert keys/server.crt
>> key keys/server.key # This file should be kept secret
>> dh keys/dh1024.pem
>> # Don't put this in the keys directory unless user nobody can read it
>> crl-verify keys/crl.pem
>> #Make sure this is your tunnel address pool
>> server 192.168.47.0 255.255.255.0
>> ifconfig-pool-persist ipp.txt
>> #This is the route to push to the client, add more if necessary
>> #push "route 192.168.46.254 255.255.255.0"
>> push "route 192.168.47.0 255.255.255.0"
>> push "dhcp-option DNS 192.168.45.10"
>> keepalive 10 120
>> cipher BF-CBC #Blowfish encryption
>> comp-lzo
>> #fragment
>> user nobody
>> group nobody
>> persist-key
>> persist-tun
>> status openvpn-status.log
>> verb 6
>> mute 5
>>
>>
>> client.conf:
>> #Begin client.conf
>> client
>> dev tap
>> proto udp
>> remote sub.domain.ltd 1194
>> nobind
>> user nobody
>> group nobody
>> persist-key
>> persist-tun
>> #crl-verify
>> #remote-cert-tls server
>> ca keys/cacert.pem
>> cert keys/ryanc.crt
>> key keys/ryanc.key
>> cipher BF-CBC
>> comp-lzo
>> verb 3
>> mute 20
>>
>> Any ideas? As I said, I can talk to the remote server, but not the local
>> LAN.
>>
>> To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 -
>> which we have another VPN connecting the two networks (not running on a VPN
>> I can do much with).
>
>
> Do you have packet forwarding (routing /gateway) enabled? An
> all-important, yet sometimes forgotten step...
> check if:
>
> sysctl net.inet.ip.forwarding
>
> returns 1 for enabled or not. You can enable it right away by setting
> to 1, and/or view the instructions in the handbook for greater detail
> including how to set as a startup option as well:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

Yes, it is enabled.

And Maciej, I had server-bridge running before and it wasn't routing ICMP, nor anything else.

I have ipnat enabled - as was recommended by one guide - and am routing everything from 192.168.47.0/24 to 0.0.0.0/32 (I'm not well versed on this specific area but that seems like it should be 0/0, right?)

Relevant rc.conf:
defaultrouter="192.168.46.254"
hostname="nbserver1.allstatecom.local"
ifconfig_em0="inet 192.168.46.2 netmask 255.255.255.0"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
gateway_enable="YES"
ipnat_enable="YES"

Thanks again,
Ryan
Re: OpenVPN routing
On Mon, Apr 25, 2011 at 10:36 PM, Ryan Coleman wrote:
> I've got an OpenVPN connection working to my remote server, but I want to
> route the traffic to the local LAN.
>
> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2)
> from the remote machine.
>
> Server.conf:
> local 192.168.46.2
> port 1194
> proto udp
> dev tap
> ca keys/cacert.pem
> cert keys/server.crt
> key keys/server.key # This file should be kept secret
> dh keys/dh1024.pem
> # Don't put this in the keys directory unless user nobody can read it
> crl-verify keys/crl.pem
> #Make sure this is your tunnel address pool
> server 192.168.47.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> #This is the route to push to the client, add more if necessary
> #push "route 192.168.46.254 255.255.255.0"
> push "route 192.168.47.0 255.255.255.0"
> push "dhcp-option DNS 192.168.45.10"
> keepalive 10 120
> cipher BF-CBC #Blowfish encryption
> comp-lzo
> #fragment
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> verb 6
> mute 5
>
> client.conf:
> #Begin client.conf
> client
> dev tap
> proto udp
> remote sub.domain.ltd 1194
> nobind
> user nobody
> group nobody
> persist-key
> persist-tun
> #crl-verify
> #remote-cert-tls server
> ca keys/cacert.pem
> cert keys/ryanc.crt
> key keys/ryanc.key
> cipher BF-CBC
> comp-lzo
> verb 3
> mute 20
>
> Any ideas? As I said, I can talk to the remote server, but not the local LAN.
>
> To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 -
> which we have another VPN connecting the two networks (not running on a VPN I
> can do much with).
>
> Thanks,
> Ryan

Do you have packet forwarding (routing/gateway) enabled? An all-important, yet sometimes forgotten step... check if:

sysctl net.inet.ip.forwarding

returns 1 for enabled or not. You can enable it right away by setting to 1, and/or view the instructions in the handbook for greater detail including how to set as a startup option as well:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

--
Nathan Vidican
nat...@vidican.com
Re: OpenVPN routing
On Tuesday 26 of April 2011 04:38:29, Ryan Coleman wrote:
> Also:
> [root@nbserver1 /usr/home/ryanc]# ifconfig
> em0: flags=8943 metric 0 mtu 1500
>         options=98
>         ether 00:14:22:15:dc:65
>         inet 192.168.46.2 netmask 0xffffff00 broadcast 192.168.46.255
>         media: Ethernet autoselect (1000baseT )
>         status: active
> tap0: flags=8943 metric 0 mtu 1500
>         options=8
>         ether 00:bd:7e:86:1d:00
>         inet 192.168.47.1 netmask 0xffffff00 broadcast 192.168.47.255
>         Opened by PID 10341
> bridge0: flags=8843 metric 0 mtu 1500
>         ether 46:e1:75:c6:a3:a7
>         inet 192.168.47.254 netmask 0xffffff00 broadcast 192.168.47.255
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: tap0 flags=143
>                 ifmaxaddr 0 port 5 priority 128 path cost 200
>         member: em0 flags=143
>                 ifmaxaddr 0 port 1 priority 128 path cost 2
>
> On Apr 25, 2011, at 9:36 PM, Ryan Coleman wrote:
> > I've got an OpenVPN connection working to my remote server, but I want to
> > route the traffic to the local LAN.
> >
> > I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2)
> > from the remote machine.
> >
> > Server.conf:
...
> > server 192.168.47.0 255.255.255.0

From the man page openvpn(8):
    Don't use --server if you are ethernet bridging. Use --server-bridge instead.

And additionally, bridging means that you have to divide your local subnet (192.168.46.0/24) into two parts. Please have a look at the example at [1].

You may not even need bridging if you want to use two /24 subnets. Have you tried the standard setup (server) and configuring your default gateway (I suspect 192.168.46.1) with the routing information about the OpenVPN subnet 192.168.47.0/24?

[1] http://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html

Maciej Milewski
Re: OpenVPN routing
Also:

[root@nbserver1 /usr/home/ryanc]# ifconfig
em0: flags=8943 metric 0 mtu 1500
        options=98
        ether 00:14:22:15:dc:65
        inet 192.168.46.2 netmask 0xffffff00 broadcast 192.168.46.255
        media: Ethernet autoselect (1000baseT )
        status: active
tap0: flags=8943 metric 0 mtu 1500
        options=8
        ether 00:bd:7e:86:1d:00
        inet 192.168.47.1 netmask 0xffffff00 broadcast 192.168.47.255
        Opened by PID 10341
bridge0: flags=8843 metric 0 mtu 1500
        ether 46:e1:75:c6:a3:a7
        inet 192.168.47.254 netmask 0xffffff00 broadcast 192.168.47.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143
                ifmaxaddr 0 port 5 priority 128 path cost 200
        member: em0 flags=143
                ifmaxaddr 0 port 1 priority 128 path cost 2

On Apr 25, 2011, at 9:36 PM, Ryan Coleman wrote:
> I've got an OpenVPN connection working to my remote server, but I want to
> route the traffic to the local LAN.
>
> I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2)
> from the remote machine.
>
> Server.conf:
> local 192.168.46.2
> port 1194
> proto udp
> dev tap
> ca keys/cacert.pem
> cert keys/server.crt
> key keys/server.key # This file should be kept secret
> dh keys/dh1024.pem
> # Don't put this in the keys directory unless user nobody can read it
> crl-verify keys/crl.pem
> #Make sure this is your tunnel address pool
> server 192.168.47.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> #This is the route to push to the client, add more if necessary
> #push "route 192.168.46.254 255.255.255.0"
> push "route 192.168.47.0 255.255.255.0"
> push "dhcp-option DNS 192.168.45.10"
> keepalive 10 120
> cipher BF-CBC #Blowfish encryption
> comp-lzo
> #fragment
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> verb 6
> mute 5
>
> client.conf:
> #Begin client.conf
> client
> dev tap
> proto udp
> remote sub.domain.ltd 1194
> nobind
> user nobody
> group nobody
> persist-key
> persist-tun
> #crl-verify
> #remote-cert-tls server
> ca keys/cacert.pem
> cert keys/ryanc.crt
> key keys/ryanc.key
> cipher BF-CBC
> comp-lzo
> verb 3
> mute 20
>
> Any ideas? As I said, I can talk to the remote server, but not the local LAN.
>
> To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 -
> which we have another VPN connecting the two networks (not running on a VPN I
> can do much with).
>
> Thanks,
> Ryan
OpenVPN routing
I've got an OpenVPN connection working to my remote server, but I want to route the traffic to the local LAN.

I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine.

Server.conf:
local 192.168.46.2
port 1194
proto udp
dev tap
ca keys/cacert.pem
cert keys/server.crt
key keys/server.key # This file should be kept secret
dh keys/dh1024.pem
# Don't put this in the keys directory unless user nobody can read it
crl-verify keys/crl.pem
#Make sure this is your tunnel address pool
server 192.168.47.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#This is the route to push to the client, add more if necessary
#push "route 192.168.46.254 255.255.255.0"
push "route 192.168.47.0 255.255.255.0"
push "dhcp-option DNS 192.168.45.10"
keepalive 10 120
cipher BF-CBC #Blowfish encryption
comp-lzo
#fragment
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 6
mute 5

client.conf:
#Begin client.conf
client
dev tap
proto udp
remote sub.domain.ltd 1194
nobind
user nobody
group nobody
persist-key
persist-tun
#crl-verify
#remote-cert-tls server
ca keys/cacert.pem
cert keys/ryanc.crt
key keys/ryanc.key
cipher BF-CBC
comp-lzo
verb 3
mute 20

Any ideas? As I said, I can talk to the remote server, but not the local LAN.

To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 - which we have another VPN connecting the two networks (not running on a VPN I can do much with).

Thanks,
Ryan
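As an added example (not code from this thread or from OpenVPN), a Python linter that applies the diagnoses the replies above make to the posted configuration: Maciej's point that "dev tap" bridging needs "server-bridge" rather than "server", the pushed routes (the config pushes its own pool and leaves the LAN route commented out, and the commented line names a host rather than a network), the client-to-client hint, and Nathan's forwarding check as it shows up in rc.conf. The sample configs are constructed from the lines posted in the thread; the LAN prefix 192.168.46.0/24 is passed in as an argument.

```python
"""Lint an OpenVPN server.conf and FreeBSD rc.conf for the routing problems raised in this
thread: tap bridging with 'server', pushed routes that miss the LAN, forwarding off."""
import ipaddress
import shlex

# Constructed sample: the routing-relevant directives from the server.conf posted above.
SAMPLE_SERVER_CONF = """
local 192.168.46.2
port 1194
proto udp
dev tap
server 192.168.47.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#push "route 192.168.46.254 255.255.255.0"
push "route 192.168.47.0 255.255.255.0"
push "dhcp-option DNS 192.168.45.10"
keepalive 10 120
user nobody
group nobody
"""

# Constructed sample: the rc.conf lines from Ryan's follow-up.
SAMPLE_RC_CONF = """
defaultrouter="192.168.46.254"
ifconfig_em0="inet 192.168.46.2 netmask 255.255.255.0"
openvpn_enable="YES"
gateway_enable="YES"
"""

def parse_conf(text):
    """Return (directive, args) pairs; '#' and ';' start comments, quoted args stay whole."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = shlex.split(line)
            entries.append((parts[0], parts[1:]))
    return entries

def pushed_routes(entries):
    """Networks from push "route NET MASK"; also collect ones whose NET is a host address."""
    networks, misaligned = [], []
    for directive, args in entries:
        if directive != "push" or not args or not args[0].startswith("route "):
            continue
        fields = args[0].split()
        if len(fields) < 3:
            continue
        iface = ipaddress.IPv4Interface(f"{fields[1]}/{fields[2]}")
        if str(iface.network.network_address) != fields[1]:
            misaligned.append((fields[1], fields[2], iface.network))
        networks.append(iface.network)
    return networks, misaligned

def lint_server_conf(text, lan):
    """Return a list of findings; lan is the LAN prefix the VPN clients should reach."""
    entries = parse_conf(text)
    directives = {d for d, _ in entries}
    args_of = dict(entries)
    findings = []
    dev = (args_of.get("dev") or [""])[0]
    if dev.startswith("tap") and "server" in directives:
        findings.append("dev tap with 'server': openvpn(8) says not to use --server when "
                        "ethernet bridging; use --server-bridge instead")
    elif dev.startswith("tap") and "server-bridge" not in directives:
        findings.append("dev tap without 'server-bridge': bridged clients get no address")
    networks, misaligned = pushed_routes(entries)
    for addr, mask, net in misaligned:
        findings.append(f"pushed route {addr} {mask} names a host, not a network; "
                        f"did you mean {net}?")
    if "server" in directives:
        pool = ipaddress.IPv4Network("/".join(args_of["server"][:2]))
        if pool in networks:
            findings.append(f"pushed route {pool} is the VPN pool itself; clients already have it")
    lan_net = ipaddress.IPv4Network(lan)
    if lan_net not in networks:
        findings.append(f"no pushed route for LAN {lan_net}; clients will not send LAN traffic "
                        "into the tunnel")
    if "client-to-client" not in directives:
        findings.append("client-to-client not set: the server will not relay traffic between "
                        "VPN clients")
    return findings

def forwarding_enabled(rc_conf):
    """True when rc.conf sets gateway_enable=YES, i.e. net.inet.ip.forwarding=1 at boot."""
    for line in rc_conf.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key == "gateway_enable":
            return value.strip().strip('"\'').upper() == "YES"
    return False

if __name__ == "__main__":
    for finding in lint_server_conf(SAMPLE_SERVER_CONF, "192.168.46.0/24"):
        print("-", finding)
    print("forwarding at boot:", forwarding_enabled(SAMPLE_RC_CONF))
```

The sample yields four findings (tap with 'server', pool pushed to itself, no LAN route, no client-to-client) and reports forwarding as enabled, matching what the replies above conclude.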
Re: routing to a directly attached subnet without an address in this subnet
On Mon, Apr 25, 2011 at 10:17:40PM +1000, Daniel Marsh wrote:
> What you need to verify is the default routes on the client hosts. It's very
> likely your packets and your initial route add commands on your dual host
> machine are correct, yet the return route on the other clients are incorrect.

I have checked that. Actually, I can ping the router from the clients. What does not work is initiating a packet exchange from the router's side.

Short reminder:
em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1
em1 has address fe80::1234:56ff:fe78:9abd
default route is to em0
2001:db8:0:1::/64 is routed to em1 (route add -inet6 2001:db8:0:1::/64 -iface em1)
clients connected to em1 have addresses in 2001:db8:0:1::/64 and default route to fe80::1234:56ff:fe78:9abd

If I reboot the router, then try to ping a client in 2001:db8:0:1::/64, directly connected to em1, ping6 fails with "sendmsg: Operation not permitted". tcpdump does not show anything being sent to this client. The client's MAC does not show up in "ndp -a".

If I ping the router from the client, I get answers. The client's MAC shows up in the NDP table, and I can ping the client from the router as long as it is still listed in the NDP table. If I clear the table with "ndp -c", I can't ping from the router any more.

If I reboot and add a static entry for the client in the NDP table, I can ping this client.

All this seems to point to NDP as the root of the problem: it looks like it is not aware of the addition of 2001:db8:0:1::/64 to the routing table. I do not see any way to give the missing information to NDP other than adding an address to em1. (Adding static entries for all the clients would not be manageable in the long run).

Google seems to turn up some mentions of "cloning routes" that look like a way to solve this (I'm not quite sure), but this was apparently removed in a recent reimplementation of ARP+NDP (arp-v2). Maybe some functionality was lost in the process, but I don't know about this.
Re: routing to a directly attached subnet without an address in this subnet
On Sun, Apr 24, 2011 at 06:43:11PM -0500, Robert Bonomi wrote:
> Sorry, it _is_ impossible. :(
> simply put, to communicate _on_ a network, you have to be *ON* that network,
> i.e., 'have an address in that network's address-space'.

I don't quite see why this would be required, as long as packets are routed as they should be.

> It is perfectly legitimate for two (or more) separate networks to share the
> same physical media.

Yes.

> *ONLY* the address of the device distinguishes which network the traffic goes
> to/from.

But this is the destination address on packets. The point here is, why would the router need an address that is never used as source or destination? I can't see any strong reason for requiring that em1 have an address for every directly attached subnet packets are routed to.

> Think about how 'reply' packets have to be routed by other machines on that
> subnet.

Packets from other machines are routed to fe80::1234:56ff:fe78:9abd (link local address of the router), so this part is fine.

Thanks!
Re: routing to a directly attached subnet without an address in this subnet
On Sun, Apr 24, 2011 at 08:50:53PM -0400, David Scheidt wrote:
> On Apr 24, 2011, at 4:29 PM, Lionel Fourquaux wrote:
> > em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1
> > em1 has address fe80::1234:56ff:fe78:9abd
> > Network 2001:db8::/64 is directly attached to em0, and network
> > 2001:db8:0:1::/64 is directly attached to em1. The default route points to
> > em0. I would like to route packets addressed to 2001:db8:0:1::/64 to
> > interface em1, without allocating an address in 2001:db8:0:1::/64 for em1.
> > (Or to understand why this would be impossible).
>
> Why do you want to do this?

Because I think it would look better that way.

> How do you expect the hosts on the attached networks to get packets to you?

They are already using fe80::1234:56ff:fe78:9abd as default gateway, so this is not a problem.
Re: routing to a directly attached subnet without an address in this subnet
On Apr 24, 2011, at 4:29 PM, Lionel Fourquaux wrote:
> Dear FreeBSD users,
>
> Consider an IPv6 router with two interfaces, e.g. em0 and em1.
> em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1
> em1 has address fe80::1234:56ff:fe78:9abd
> Network 2001:db8::/64 is directly attached to em0, and network
> 2001:db8:0:1::/64 is directly attached to em1. The default route points to
> em0. I would like to route packets addressed to 2001:db8:0:1::/64 to
> interface em1, without allocating an address in 2001:db8:0:1::/64 for em1.
> (Or to understand why this would be impossible).

Why do you want to do this? How do you expect the hosts on the attached networks to get packets to you?
routing to a directly attached subnet without an address in this subnet
Dear FreeBSD users,

Consider an IPv6 router with two interfaces, e.g. em0 and em1.
em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1
em1 has address fe80::1234:56ff:fe78:9abd
Network 2001:db8::/64 is directly attached to em0, and network 2001:db8:0:1::/64 is directly attached to em1. The default route points to em0. I would like to route packets addressed to 2001:db8:0:1::/64 to interface em1, without allocating an address in 2001:db8:0:1::/64 for em1. (Or to understand why this would be impossible).

I have tried to add a route using:

route add -ipv6 2001:db8:0:1::/64 -iface em1

(and several variations), but this fails (route returns successfully, but I can't ping anything on 2001:db8:0:1::/64). On the other hand, if I give address 2001:db8:0:1::1/64 to em1, ping6 works and packets are routed successfully. I guess that the difference is that the OS can't figure out which interface to use for NDP in the first case. However, ndp(8) can create static entries in the NDP table for individual hosts but not whole subnets.

I can't see any strong reason for requiring that em1 have an address for every directly attached subnet packets are routed to. The router already has a valid routable address on em0 which can be used as source address for ICMP, and it has an address on em1 (the link local one) which can be used for NDP and routing.

So:
1. Is there a way to set up the router the way I want it?
2. If not, why is it not possible?

I can mark the additional addresses on em1 as deprecated, possibly even firewall out anything going to these addresses. From the outside, the router would behave exactly the way I want. However, this does not seem as nice as such a simple setup should be.

This is on FreeBSD 8.2 (i386), GENERIC kernel. I have slightly simplified the description but all the relevant parts should be here.

Anticipated thanks for your answers, and best regards.

--
Lionel Fourquaux
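An added example, not from the thread: a small Python model of the on-link check that both Lionel's original post and his later reply describe. As the thread concludes, neighbour discovery only resolves destinations inside a prefix configured on the interface, so an interface route whose prefix is covered only by the link-local address cannot be resolved, while adding 2001:db8:0:1::1/64 to em1 makes it pass. The router description is constructed from the addresses given above.

```python
"""Model of the on-link check behind the failure in this thread: an interface route
(route add -inet6 PREFIX -iface em1) only works when an address configured on that
interface lies in a prefix covering the route, since that is what NDP treats as on-link."""
import copy
import ipaddress

# Constructed from the thread: addresses per interface and the interface route that failed.
ROUTER = {
    "addresses": {
        "em0": ["fe80::1234:56ff:fe78:9abc/64", "2001:db8::1/64"],
        "em1": ["fe80::1234:56ff:fe78:9abd/64"],
    },
    # (prefix, interface), as added with: route add -inet6 2001:db8:0:1::/64 -iface em1
    "iface_routes": [("2001:db8:0:1::/64", "em1")],
}

def onlink_prefixes(addresses):
    """Prefixes that the interface's configured addresses make on-link."""
    return [ipaddress.IPv6Interface(a).network for a in addresses]

def check_iface_routes(router):
    """One record per interface route: is there an on-link prefix NDP can resolve it in?"""
    results = []
    for prefix, ifname in router["iface_routes"]:
        net = ipaddress.IPv6Network(prefix)
        covering = [p for p in onlink_prefixes(router["addresses"].get(ifname, []))
                    if net.subnet_of(p)]
        results.append({
            "prefix": prefix,
            "interface": ifname,
            "resolvable": bool(covering),
            "covered_by": [str(p) for p in covering],
        })
    return results

def unresolvable(router):
    """Prefixes that will fail as in the thread ('sendmsg: Operation not permitted')."""
    return [r["prefix"] for r in check_iface_routes(router) if not r["resolvable"]]

def with_address(router, ifname, address):
    """Return a copy of the model with one more address on ifname; the original is untouched."""
    new = copy.deepcopy(router)
    new["addresses"].setdefault(ifname, []).append(address)
    return new

if __name__ == "__main__":
    print("as posted:", unresolvable(ROUTER))                      # ['2001:db8:0:1::/64']
    fixed = with_address(ROUTER, "em1", "2001:db8:0:1::1/64")
    print("with 2001:db8:0:1::1/64 on em1:", unresolvable(fixed))  # []
```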
Re: Marble and routing
> From owner-freebsd-questi...@freebsd.org Fri Apr 8 18:19:15 2011
> From: Steven Friedrich
> To: freebsd-questions@freebsd.org
> Date: Fri, 8 Apr 2011 19:18:25 -0400
> Subject: Marble and routing
>
> I'm in the U.S., so I believe that my only valid choice is OpenRoute service.
>
> Does it require any subscription payment, or is it available free?

Google is your friend. Search string "marble routing" (oddly enough). What I got as the 4th link <http://nienhueser.de/blog/?p=137> seems very relevant to your question.

To quote Sgt. Schultz, "I know nothing" about KDE, Marble, or the OpenRoute service.
Marble and routing
I'm in the U.S., so I believe that my only valid choice is OpenRoute service.

Does it require any subscription payment, or is it available free?

--
System Name: doris.StevenFriedrich.org
Window Manager(s): kde4-4.6.2
X Window System: xorg-7.5.1 X.Org X Server 1.7.7
OS version: FreeBSD 8.2-RELEASE i386 (5.9 MB kernel)
Platform: HP pavilion zd8000 (zd8215us)
CPU: 2.40GHz Intel Pentium 4 with 511 MB memory
FreeBSD Audio Driver (newpcm: 32bit 2009061500/i386)
Installed devices:
pcm0: (play/rec) default
Re: Tuning routing table size in FreeBSD 8.0 and 7.2
On Thu, Feb 24, 2011 at 9:37 PM, nikitha wrote:
> Thank you all, for your timely reply..
> To answer Niko's question: Just i'm doing some performance/stress testing of
> a freebsd router.. :-)
>
> -Sumi
>
> On Thu, Feb 24, 2011 at 10:11 PM, Nikos Vassiliadis wrote:
> > On 2/24/2011 4:51 PM, Damien Fleuriot wrote:
> >> On 2/24/11 3:00 PM, nikitha wrote:
> >>> Hi,
> >>> Could you plz share the information on the maximum number of routes that
> >>> can be added (by default) in FREEBSD 8.0/7.2 kernel?
> >>> In Linux the sysctl rt_max_size is used. Is there a similar tunable
> >>> parameter in freeBSD?
> >> [snip]
> >>
> >> I could not find a sysctl that matched what you're looking for.
> >>
> >> AFAIK, the routing table is limited only by the amount of RAM you can
> >> allocate to it.
> >
> > Yes. You can use "vmstat -z | grep rtentry" to examine it.
> > It seems trivial to add a limit there (without having thought of
> > multiple routing tables and vnet).
> >
> > Out of curiosity, why would you want such a limit?

Hello Sumi,

What tools do you use to perform the tests?

thanks,
v
--
network warrior
Re: Tuning routing table size in FreeBSD 8.0 and 7.2
Thank you all, for your timely reply..
To answer Niko's question: Just I'm doing some performance/stress testing of a FreeBSD router.. :-)

-Sumi

On Thu, Feb 24, 2011 at 10:11 PM, Nikos Vassiliadis wrote:
> On 2/24/2011 4:51 PM, Damien Fleuriot wrote:
>> On 2/24/11 3:00 PM, nikitha wrote:
>>> Hi,
>>> Could you plz share the information on the maximum number of routes that
>>> can be added (by default) in FREEBSD 8.0/7.2 kernel?
>>> In Linux the sysctl rt_max_size is used. Is there a similar tunable
>>> parameter in freeBSD?
>> [snip]
>>
>> I could not find a sysctl that matched what you're looking for.
>>
>> AFAIK, the routing table is limited only by the amount of RAM you can
>> allocate to it.
>
> Yes. You can use "vmstat -z | grep rtentry" to examine it.
> It seems trivial to add a limit there (without having thought of
> multiple routing tables and vnet).
>
> Out of curiosity, why would you want such a limit?
Re: Tuning routing table size in FreeBSD 8.0 and 7.2
On 2/24/2011 4:51 PM, Damien Fleuriot wrote:
> On 2/24/11 3:00 PM, nikitha wrote:
>> Hi,
>> Could you plz share the information on the maximum number of routes that
>> can be added (by default) in FREEBSD 8.0/7.2 kernel?
>> In Linux the sysctl rt_max_size is used. Is there a similar tunable
>> parameter in freeBSD?
> [snip]
>
> I could not find a sysctl that matched what you're looking for.
>
> AFAIK, the routing table is limited only by the amount of RAM you can
> allocate to it.

Yes. You can use "vmstat -z | grep rtentry" to examine it.
It seems trivial to add a limit there (without having thought of multiple routing tables and vnet).

Out of curiosity, why would you want such a limit?
RE: Tuning routing table size in FreeBSD 8.0 and 7.2
Sysctl -a lists "all" options. This MAY be what you want:

net.inet.ip.rtmaxcache - Upper limit on dynamically learned routes

http://people.freebsd.org/~hmp/utilities/satbl/sysctl-net.html

HTH
Gary

-----Original Message-----
From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of nikitha
Sent: Thursday, February 24, 2011 8:01 AM
To: freebsd-questions@freebsd.org
Subject: Tuning routing table size in FreeBSD 8.0 and 7.2

Hi,
Could you plz share the information on the maximum number of routes that can be added (by default) in FREEBSD 8.0/7.2 kernel?
In Linux the sysctl rt_max_size is used. Is there a similar tunable parameter in freeBSD?

Your earliest reply in this regard is much appreciated.

Thanks for any inputs..

-Sumi

"This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system."
Re: Tuning routing table size in FreeBSD 8.0 and 7.2
On 2/24/11 3:00 PM, nikitha wrote:
> Hi,
> Could you plz share the information on the maximum number of routes that can
> be added (by default) in FREEBSD 8.0/7.2 kernel?
> In Linux the sysctl rt_max_size is used. Is there a similar tunable
> parameter in freeBSD?
>
> Your earliest reply in this regard is much appreciated.
>
> Thanks for any inputs..
>
> -Sumi

I could not find a sysctl that matched what you're looking for.

AFAIK, the routing table is limited only by the amount of RAM you can allocate to it.
Tuning routing table size in FreeBSD 8.0 and 7.2
Hi,
Could you plz share the information on the maximum number of routes that can be added (by default) in FREEBSD 8.0/7.2 kernel?
In Linux the sysctl rt_max_size is used. Is there a similar tunable parameter in freeBSD?

Your earliest reply in this regard is much appreciated.

Thanks for any inputs..

-Sumi
Re: Routing issue?
As mentioned before, this is already solved.

On Nov 12, 2010, at 3:08 AM, Wojciech Puchar wrote:
>> ff02::%lo0/32                     fe80::1%lo0                   U           lo0
>>
>> ifconfig_em0="inet 70.89.123.5 netmask 255.255.255.248"
>> ifconfig_em1="inet 70.89.123.4 netmask 255.255.255.248"
>> defaultrouter="70.89.123.6"
>> hostname="se**.somehtingelse.biz"
>>
>> I tried to add the gateway for link2 but it's not taking since it already
>> exists, and I've run multiple IP'd servers before without issue.
>>
>> I'm really lost.
>
> you can't have 2 gateways.
>
> but you may configure ipfw firewall and use its fwd function to define
> exactly what is routed through what, whatever your wish is.
>
> not that long ago i had 7 links to my server doing ISP business, as there was
> no way to get a single large link in that place.
>
> no problems
Re: Routing issue?
> ff02::%lo0/32                     fe80::1%lo0                   U           lo0
>
> ifconfig_em0="inet 70.89.123.5 netmask 255.255.255.248"
> ifconfig_em1="inet 70.89.123.4 netmask 255.255.255.248"
> defaultrouter="70.89.123.6"
> hostname="se**.somehtingelse.biz"
>
> I tried to add the gateway for link2 but it's not taking since it already
> exists, and I've run multiple IP'd servers before without issue.
>
> I'm really lost.

you can't have 2 gateways.

but you may configure ipfw firewall and use its fwd function to define exactly what is routed through what, whatever your wish is.

not that long ago i had 7 links to my server doing ISP business, as there was no way to get a single large link in that place.

no problems
{Solved} Re: Routing issue?
It didn't work until I bridged the connections.

[r...@server /usr/home/ryan]# ifconfig bridge create
bridge0
[r...@server /usr/home/ryan]# ifconfig bridge0
bridge0: flags=8802 metric 0 mtu 1500
        ether 0a:df:a2:b3:3e:96
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0
[r...@server /usr/home/ryan]# ifconfig bridge0 addm em0 addm em1 up

On Nov 11, 2010, at 10:00 PM, Gary Gatten wrote:
> What exactly isn't working? You don't have two L3 nets, but two ips on the
> same net - nothing to route, except the default.
>
> - Original Message -
> From: owner-freebsd-questi...@freebsd.org
> To: Free BSD Questions list
> Sent: Thu Nov 11 21:41:40 2010
> Subject: Routing issue?
>
> I'm trying to get the other half of my business up on my second IP.
>
> It's not routing. This is not a multi-homed system, but two IPs in the same
> subnet.
>
> [r...@server /usr/home/ryan]# netstat -nr
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            70.89.123.6        UGS         7     1090    em0
> 70.89.123.0/29     link#1             U           2      837    em0
> 70.89.123.4        link#2             UHS         0       25    lo0
> 70.89.123.5        link#1             UHS         0        0    lo0
> 127.0.0.1          link#5             UH          0      863    lo0
>
> Internet6:
> Destination                       Gateway                       Flags      Netif Expire
> ::1                               ::1                           UH          lo0
> fe80::%lo0/64                     link#5                        U           lo0
> fe80::1%lo0                       link#5                        UHS         lo0
> ff01:5::/32                       fe80::1%lo0                   U           lo0
> ff02::%lo0/32                     fe80::1%lo0                   U           lo0
>
> ifconfig_em0="inet 70.89.123.5 netmask 255.255.255.248"
> ifconfig_em1="inet 70.89.123.4 netmask 255.255.255.248"
> defaultrouter="70.89.123.6"
> hostname="se**.somehtingelse.biz"
>
> I tried to add the gateway for link2 but it's not taking since it already
> exists, and I've run multiple IP'd servers before without issue.
>
> I'm really lost.
Re: Routing issue?
What exactly isn't working? You don't have two L3 nets, but two ips on the same net - nothing to route, except the default. - Original Message - From: owner-freebsd-questi...@freebsd.org To: Free BSD Questions list Sent: Thu Nov 11 21:41:40 2010 Subject: Routing issue? I'm trying to get the other half of my business up on my second IP. It's not routing. This is not a multi-homed system, but two IPs in the same subnet. [r...@server /usr/home/ryan]# netstat -nr Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default70.89.123.6UGS 7 1090em0 70.89.123.0/29 link#1 U 2 837em0 70.89.123.4link#2 UHS 0 25lo0 70.89.123.5link#1 UHS 00lo0 127.0.0.1 link#5 UH 0 863lo0 Internet6: Destination Gateway Flags Netif Expire ::1 ::1 UH lo0 fe80::%lo0/64 link#5U lo0 fe80::1%lo0 link#5UHS lo0 ff01:5::/32 fe80::1%lo0 U lo0 ff02::%lo0/32 fe80::1%lo0 U lo0 ifconfig_em0="inet 70.89.123.5 netmask 255.255.255.248" ifconfig_em1="inet 70.89.123.4 netmask 255.255.255.248" defaultrouter="70.89.123.6" hostname="se**.somehtingelse.biz" I tried to add the gateway for link2 but it's not taking since it already exists, and I've run multiple IP'd servers before without issue. I'm really lost.___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." 
Routing issue?
I'm trying to get the other half of my business up on my second IP. It's not routing. This is not a multi-homed system, but two IPs in the same subnet.

[r...@server /usr/home/ryan]# netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            70.89.123.6        UGS         7     1090    em0
70.89.123.0/29     link#1             U           2      837    em0
70.89.123.4        link#2             UHS         0       25    lo0
70.89.123.5        link#1             UHS         0        0    lo0
127.0.0.1          link#5             UH          0      863    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UH          lo0
fe80::%lo0/64                     link#5                        U           lo0
fe80::1%lo0                       link#5                        UHS         lo0
ff01:5::/32                       fe80::1%lo0                   U           lo0
ff02::%lo0/32                     fe80::1%lo0                   U           lo0

ifconfig_em0="inet 70.89.123.5 netmask 255.255.255.248"
ifconfig_em1="inet 70.89.123.4 netmask 255.255.255.248"
defaultrouter="70.89.123.6"
hostname="se**.somehtingelse.biz"

I tried to add the gateway for link2 but it's not taking since it already exists, and I've run multiple IP'd servers before without issue.

I'm really lost.
Re: Routing Question
On 8/27/2010 9:09 PM, Doug Hardie wrote:
> On 27 August 2010, at 05:07, Patrick Lamaiziere wrote:
>> Le Thu, 26 Aug 2010 18:17:19 -0700,
>> Doug Hardie wrote:
>>> PF's route_to will return the packets to the proper router, but I have not
>>> been able to figure out which ones those would be. The source IP
>>> address can be any on either network and it's highly likely that we
>>> will see packets from the same source network on both at the same
>>> time. The only distinction I see in the input packets between the
>>> two paths is the MAC address of the router. I don't see any way in
>>> pf or the system to use that to affect the return path
>>> though.
>>
>> the filter option "reply-to" looks to be what you need. It works by
>> keeping the state of a connection (see pf.conf(5)).
>
> That works great on the output if you can figure out which packets to use it on. The only way I can see to separate the traffic is using the router MAC address. I don't find anything in pf that will look at that.

Yes, pf cannot use the MAC address to classify a packet. The most sensible solution would be installing a single router to handle both lines, but I know it's not always feasible to do so for several reasons.

ipfw can use MAC addresses for classification; perhaps you can hack some rules using fwd, skipto and mac.

Nikos
Re: Routing Question
On 27 August 2010, at 05:07, Patrick Lamaiziere wrote:
> Le Thu, 26 Aug 2010 18:17:19 -0700,
> Doug Hardie wrote:
>
>> PF's route_to will return the packets to the proper router, but I have not
>> been able to figure out which ones those would be. The source IP
>> address can be any on either network and it's highly likely that we
>> will see packets from the same source network on both at the same
>> time. The only distinction I see in the input packets between the
>> two paths is the MAC address of the router. I don't see any way in
>> pf or the system to use that to affect the return path
>> though.
>
> the filter option "reply-to" looks to be what you need. It works by
> keeping the state of a connection (see pf.conf(5)).

That works great on the output if you can figure out which packets to use it on. The only way I can see to separate the traffic is using the router MAC address. I don't find anything in pf that will look at that.
Re: Routing Question
Le Thu, 26 Aug 2010 18:17:19 -0700,
Doug Hardie wrote:

> PF's route_to will return the packets to the proper router, but I have not
> been able to figure out which ones those would be. The source IP
> address can be any on either network and it's highly likely that we
> will see packets from the same source network on both at the same
> time. The only distinction I see in the input packets between the
> two paths is the MAC address of the router. I don't see any way in
> pf or the system to use that to affect the return path
> though.

the filter option "reply-to" looks to be what you need. It works by keeping the state of a connection (see pf.conf(5)).
Routing Question
I have several servers with one ethernet interface. Currently it is connected via a WAN to the internet. We are in the midst of switching to a different provider. I would like to be able to operate with both temporarily until all the users/services get switched. The new circuit is in and working.

I would like somehow to configure the system (I have pf in use) to be able to detect the packets that come from a specific router and route the return packets back through it. The other network would be the default.

PF's route_to will return the packets to the proper router, but I have not been able to figure out which ones those would be. The source IP address can be any on either network and it's highly likely that we will see packets from the same source network on both at the same time. The only distinction I see in the input packets between the two paths is the MAC address of the router. I don't see any way in pf or the system to use that to affect the return path though.
Re: Odd routing issue...
On Wednesday 12 of May 2010 06:07, Glenn Sieb wrote:
> I'm getting a route added upon reboot with the hostname of the box,
> going to lo0.
> It's preventing things like, pinging itself. I can manually delete the
> route, but.. where is it being set to begin with?!

Well, that behaviour is what I would expect. After all, the machine knows that to ping its own IP, it has to use the lo0 interface. It just resolves your IP with the hostname of the machine. So as far as I see, this is the intended behaviour. (You can use netstat -rn to see the actual IP and not hostnames.)

If you can't ping localhost, I'd say that the problem lies elsewhere (firewalls probably). You can check with tcpdump to see what happens and why your pings don't get a reply.

--
Real programmers don't document. If it was hard to write, it should be hard to understand.
Odd routing issue...
Running:
FreeBSD caduceus.wingfoot.org 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #42: Fri May 7 19:22:48 EDT 2010 r...@caduceus.wingfoot.org:/usr/obj/usr/src/sys/SANDALS amd64

I'm getting a route added upon reboot with the hostname of the box, going to lo0. It's preventing things like, pinging itself. I can manually delete the route, but.. where is it being set to begin with?!

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            ip-66-80-251-65.ny UGS        17       50   nfe0
66.80.251.64/26    link#1             U           0        0   nfe0
caduceus           link#1             UHS         0        7    lo0
(much snippage)
localhost          link#2             UH          0        0    lo0

Nothing's changed in my /etc/rc.conf from when I was running 7.2-RELEASE... This behavior didn't happen with 7.2. And, I don't see anything in /usr/src/UPDATING that seems relevant (unless, naturally, I'm missing something). My google-fu keeps bringing me to the handbook, but I don't see anything useful in there that might apply.

If I restart netif, the mysterious "caduceus" route pops up again.

If someone can point me in the right direction, I'd really appreciate it.

Thanks in advance!

Best,
--Glenn
what means: route: writing to routing socket: No such process ?
Hello,

It seems that deleting a route which does not exist gives some message about "writing to routing socket: No such process":

# route delete xxx.xxx.xxx.xxx/27
delete net xxx.xxx.xxx.xxx
# route delete xxx.xxx.xxx.xxx/27
route: writing to routing socket: No such process
delete net xxx.xxx.xxx.xxx: not in table

The man page does not explain this. What does this mean exactly?

Thanks

matthias
--
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e - w http://www.unixarea.de/
Solidarity with the imperialistic Israel? Not in my name!
routing for jails on public IPs, jails on private IPs between 2 servers
Hi,

I have this question which needs some comment/help:

== the setup ==

I have 2 FreeBSD servers with several jails running on them. Each server has several jails that are either listening on a publicly accessible IP or listening on a loopback/private IP. The two servers are connected together using a VPN with routing that allows ServerA to connect to private jails in ServerB and vice versa.

ServerA (10.1.0.1_tun0, 192.168.1.1_bge0, 192.168.1.2_bge0, 127.0.1.1_lo1, 127.0.1.1_lo1)
 - JailA (192.168.1.2_bge0)
 - JailB (127.0.1.1_lo1)
 - JailC (127.0.1.1_lo1)

ServerB (10.1.0.3_tun0, 192.168.1.3_bge0, 192.168.1.4_bge0, 127.0.2.1_lo1, 127.0.2.2_lo1)
 - JailA (192.168.1.4_bge0)
 - JailB (127.0.2.1_lo1)
 - JailC (127.0.2.2_lo1)

== the issue ==

Under the current config, ServerA can connect to all private jails in ServerB through VPN+routing and vice versa. Private jails in ServerA can connect to public jails in ServerB through NAT and vice versa. However, I can't figure out how to allow public jails in ServerA to connect to private jails in ServerB.

Anybody have an idea on how to implement it?

Thanks
--
Mohd Izhar Firdaus Bin Ismail
Amano Hikaru 天野晃 「あまの ひかる」
http://fedoraproject.org/wiki/MohdIzharFirdaus
http://blog.kagesenshi.org
92C2 B295 B40B B3DC 6866 5011 5BD2 584A 8A5D 7331
ifconfig & routing
Greets,

Here's my dilemma - I'm running FreeBSD 7.1 - that was set up with its normal host area and added via ezjail (2) jails. Out of jail #2, I run an IRCD for a local Christian group. I also installed an old-school BBS in jail #2, and it works great, connects and works fine. But, since I wish to run a few old DOS programs that are DOORS, it recommends I install it where it can reach "X", the Windows server. Then I'll have a shot at utilizing doscmd to get them to work. No matter how many times I install and reinstall it, it fires up, but I can't seem to access it via telnet either locally or from outside my computer via telnet.

For further info, my system setup is the internet goes through my DSL/ROUTER set in BRIDGE MODE, to my DLINK wireless router. My jail #2 is set to PRIVATE IP 192.168.0.103 - jail #1 set to 192.168.0.102 and host part of computer set to 192.168.0.100.

Any help suggestions greatly appreciated.

JP

=== netstat -rn results below:

$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGS         0     3082    vr0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.0.0/24     link#1             UC          0        0    vr0
192.168.0.1        00:0d:88:9f:e2:5f  UHLW        2      986    vr0   1102
192.168.0.100      00:0e:a6:a0:db:24  UHLW        1        4    lo0
192.168.0.102      00:0e:a6:a0:db:24  UHLW        1       12    lo0
192.168.0.103      00:0e:a6:a0:db:24  UHLW        1    57562    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UHL         lo0
fe80::%lo0/64                     fe80::1%lo0                   U           lo0
fe80::1%lo0                       link#3                        UHL         lo0
ff01:3::/32                       fe80::1%lo0                   UC          lo0
ff02::%lo0/32                     fe80::1%lo0                   UC          lo0

=== ifconfig results below:

$ ifconfig
vr0: flags=8843 metric 0 mtu 1500
        options=2808
        ether 00:0e:a6:a0:db:24
        inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.0.103 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.0.102 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (100baseTX )
        status: active
plip0: flags=108810 metric 0 mtu 1500
lo0: flags=8049 metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
$
Re: PF Routing to VPN Device
On 6/17/09, Mike Sweetser - Adhost wrote:
> Hello,
>
> We have a network with a VPN device sitting beside a PF server, both
> connected to an internal network.
>
> PF Server: 10.1.4.1
> VPN Device: 10.1.4.200
>
> The VPNs are set up for 10.1.1.0/24 and 10.1.2.0/24, so any traffic to
> these networks should be routed to 10.1.4.200. We've set up routes on
> the PF server as such.
>
> We've set up the following rules:
>
> block in log
> pass in on $int_if route-to 10.1.4.200 from 10.1.4.0/24 to { 10.1.1.0/24 10.1.2.0/24 }
>
> However, the block in log is catching the return traffic. From pflog
> when somebody on the VPN (10.1.2.105) tries to connect to 10.1.4.25 on
> port 80:
>
> 00 rule 28/0(match): block in on bge1: 10.1.4.25.80 > 10.1.2.105.3558: [|tcp]
>
> If we remove the block in log, the traffic works.
>
> What are we missing?
>
> Thanks,
> Mike

Mike,

I know the typical firewall rules that are googleable are one of two basic starting policies..

-- 1.
block in all
pass out all

-- 2.
block all

They've become a headache to me to configure a firewall and I now start with this base. In this example, fxp0 is facing the Internet, and xl0 is facing the trusted network.

-- 3.
block in on fxp0 all
pass out

This adds the benefit that VPN connections, TUNs, GIFs, and all other ethernet devices aren't blindly evaluated to a simple block in rule, rather it's just the fxp0 interface public Internet traffic that is being blocked, while TUNs, GIFs, and the like are exempt from that rule entry line.

Might you try by editing your rules to just block your public IP firewall interface?

Good luck.
Re: PF Routing to VPN Device
On Thu, Jun 18, 2009 at 11:35 AM, Valentin Bud wrote:
>
> On Wed, Jun 17, 2009 at 10:31 PM, Mike Sweetser - Adhost <mik...@adhost.com> wrote:
>> Hello,
>>
>> We have a network with a VPN device sitting beside a PF server, both
>> connected to an internal network.
>>
>> PF Server: 10.1.4.1
>> VPN Device: 10.1.4.200
>>
>> The VPNs are set up for 10.1.1.0/24 and 10.1.2.0/24, so any traffic to
>> these networks should be routed to 10.1.4.200. We've set up routes on
>> the PF server as such.
>>
>> We've set up the following rules:
>>
>> block in log
>> pass in on $int_if route-to 10.1.4.200 from 10.1.4.0/24 to { 10.1.1.0/24 10.1.2.0/24 }
>>
>> However, the block in log is catching the return traffic. From pflog
>> when somebody on the VPN (10.1.2.105) tries to connect to 10.1.4.25 on
>> port 80:
>>
>> 00 rule 28/0(match): block in on bge1: 10.1.4.25.80 > 10.1.2.105.3558: [|tcp]
>>
>> If we remove the block in log, the traffic works.
>>
>> What are we missing?
>>
>> Thanks,
>> Mike
>
> Hello Mike,

What version of FBSD are you using? The keep state is implicit from 7.0 AFAIK. So if you are using a version prior to 7.0 you should add keep state so the return traffic can be passed.

v
--
network warrior since 2005
RE: PF Routing to VPN Device
> -----Original Message-----
> From: Valentin Bud [mailto:valentin@gmail.com]
> Sent: Thursday, June 18, 2009 1:36 AM
> To: Mike Sweetser - Adhost
> Cc: freebsd-questions@freebsd.org
> Subject: Re: PF Routing to VPN Device
>
> On Wed, Jun 17, 2009 at 10:31 PM, Mike Sweetser - Adhost wrote:
>> Hello,
>>
>> We have a network with a VPN device sitting beside a PF server, both
>> connected to an internal network.
>>
>> PF Server: 10.1.4.1
>> VPN Device: 10.1.4.200
>>
>> The VPNs are set up for 10.1.1.0/24 and 10.1.2.0/24, so any traffic to
>> these networks should be routed to 10.1.4.200. We've set up routes on
>> the PF server as such.
>>
>> We've set up the following rules:
>>
>> block in log
>> pass in on $int_if route-to 10.1.4.200 from 10.1.4.0/24 to { 10.1.1.0/24 10.1.2.0/24 }
>>
>> However, the block in log is catching the return traffic. From pflog
>> when somebody on the VPN (10.1.2.105) tries to connect to 10.1.4.25 on
>> port 80:
>>
>> 00 rule 28/0(match): block in on bge1: 10.1.4.25.80 > 10.1.2.105.3558: [|tcp]
>>
>> If we remove the block in log, the traffic works.
>>
>> What are we missing?
>>
>> Thanks,
>> Mike
>
> Hello Mike,
>
> What version of FBSD are you using? The keep state is implicit from
> 7.0 as far as I know. I might not be right so someone please correct.
>
> If that is the case you should add keep state to your rule and see
> what happens.

We're using FreeBSD 7.2.

Mike
Re: PF Routing to VPN Device
On Wed, Jun 17, 2009 at 10:31 PM, Mike Sweetser - Adhost wrote:
> Hello,
>
> We have a network with a VPN device sitting beside a PF server, both
> connected to an internal network.
>
> PF Server: 10.1.4.1
> VPN Device: 10.1.4.200
>
> The VPNs are set up for 10.1.1.0/24 and 10.1.2.0/24, so any traffic to
> these networks should be routed to 10.1.4.200. We've set up routes on
> the PF server as such.
>
> We've set up the following rules:
>
> block in log
> pass in on $int_if route-to 10.1.4.200 from 10.1.4.0/24 to { 10.1.1.0/24 10.1.2.0/24 }
>
> However, the block in log is catching the return traffic. From pflog
> when somebody on the VPN (10.1.2.105) tries to connect to 10.1.4.25 on
> port 80:
>
> 00 rule 28/0(match): block in on bge1: 10.1.4.25.80 > 10.1.2.105.3558: [|tcp]
>
> If we remove the block in log, the traffic works.
>
> What are we missing?
>
> Thanks,
> Mike

Hello Mike,

What version of FBSD are you using? The keep state is implicit from 7.0 as far as I know. I might not be right so someone please correct.

If that is the case you should add keep state to your rule and see what happens.

my 7c,
v
--
network warrior since 2005
PF Routing to VPN Device
Hello,

We have a network with a VPN device sitting beside a PF server, both connected to an internal network.

PF Server: 10.1.4.1
VPN Device: 10.1.4.200

The VPNs are set up for 10.1.1.0/24 and 10.1.2.0/24, so any traffic to these networks should be routed to 10.1.4.200. We've set up routes on the PF server as such.

We've set up the following rules:

block in log
pass in on $int_if route-to 10.1.4.200 from 10.1.4.0/24 to { 10.1.1.0/24 10.1.2.0/24 }

However, the block in log is catching the return traffic. From pflog when somebody on the VPN (10.1.2.105) tries to connect to 10.1.4.25 on port 80:

00 rule 28/0(match): block in on bge1: 10.1.4.25.80 > 10.1.2.105.3558: [|tcp]

If we remove the block in log, the traffic works.

What are we missing?

Thanks,
Mike
Re: pppoe routing problem, default route isnt used for some hosts
Hello Nikos,

thank you very much Nikos "You've repaired my internet" ,)

On Fri, May 29, 2009 at 06:56:49PM +0300, Nikos Vassiliadis wrote:
> Fabian Holler wrote:
>> I have a strange routing problem. I can't connect to some hosts in the
>> internet till I add an explicit route for these hosts with my default gw
>> as gateway.
>> There aren't any other routes that could match the destination IP for
>> "non-working hosts". So the connection should also without an explicit
>> route for these hosts use the default gw.
>
> Besides netstat -rn, you can use "route get southparkstudios.com"
> to check a route for a destination.
>
>> Connections with nc to port 80 work
>> (the connection tests are made from the router, the iface MTUs are correct)
>
> You cannot test MTU settings using nc, since initial packets, that
> is, small packets, are always smaller than your MTU. You can test
> MTU using fetch or ftp or nc + "GET /some.big.file".

I only tried to say that the connection problems couldn't be an MTU problem, because I tried to connect from the router (where the PPPoE iface should have the correct MTU) and not from any LAN host.

>> PPPoE:
>> new -i ng0 PPPoE PPPoE
>> set iface addrs 1.1.1.1 2.2.2.2
>
> Maybe you should delete the above line as

That was the problem :) I thought ip+netmask from the iface are arbitrary because they will be "overwritten" after I made a successful connection. But the crappy netmask was responsible for my problems.

>> set link mtu 1492
>> set link mru 1492
>
> this is also wrong, don't try to set MTU
> or MRU. These are negotiated during PPP.

removed this also :)

regards
Fabian
Re: pppoe routing problem, default route isnt used for some hosts
Fabian Holler wrote:
> Hello,
>
> I have a strange routing problem. I can't connect to some hosts in the
> internet till I add an explicit route for these hosts with my default gw
> as gateway.
> There aren't any other routes that could match the destination IP for
> "non-working hosts". So the connection should also without an explicit
> route for these hosts use the default gw.
>
> My Setup:
> FreeBSD 7.2-RELEASE
> mppd to make a PPPoE connection to my internet service provider.
> PF as firewall
>
> To isolate the problem I used a minimal pf.conf:
> ---
> inetif=ng0
> lanif=vr0
> scrub all max-mss 1492
> pass quick on lo0 all
> pass out on $inetif proto { tcp udp icmp } all keep state
> pass on $lanif from any to any
> ---
>
> I also tried pppd instead of mppd (doesn't help).
>
> Hosts that I can't connect to are i.e. spiegel.de, tagesschau.de, freebsd.org, southparkstudios.com.
> I.e. TCP connections to port 80 of southparkstudios.com don't work. If I add an explicit route:
> "route add southparkstudios.com 213.191.84.199"

Besides netstat -rn, you can use "route get southparkstudios.com" to check a route for a destination.

> connections with nc to port 80 work
> (the connection tests are made from the router, the iface MTUs are correct)

You cannot test MTU settings using nc, since initial packets, that is, small packets, are always smaller than your MTU. You can test MTU using fetch or ftp or nc + "GET /some.big.file".

> Anybody have an idea what could be wrong? I have no idea anymore (it's also not a provider problem, when I make the PPPoE connection from Windows I can connect to all hosts)
>
> thanks for any hints :)
>
> best regards
> Fabian
>
> ---------
> My routing table:
> "
> # netstat -ra
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            lo1.br04.weham.de. UGS         0    15505    ng0
> 1.1.1.1&0x1010101  link#1             UC          0        0    rl0

What is this ??? It looks like a non-contiguous netmask?

> exxx45031.adsl.al  lo0                UHS         0        0    lo0
> localhost          localhost          UH          0      433    lo0
> 192.168.113.0      link#2             UC          0        0    vr0
> xyz                00:30:18:ad:26:88  UHLW        1    24005    lo0
> mail.xyz.ath.cx    00:30:18:ad:26:88  UHLW        1    86400    lo0
> http.xyz.ath.cx    00:30:18:ad:26:88  UHLW        1      770    lo0
> 192.168.113.255    ff:ff:ff:ff:ff:ff  UHLWb       1     3228    vr0
> lo1.br04.weham.de. e176145031.adsl.al UH          1        0    ng0
> [... ipv6 stuff]
> "
>
> Interface infos:
> "
> # netstat -ira
> Name    Mtu   Network        Address            Ipkts Ierrs    Opkts Oerrs  Coll
> rl0     1492                 00:02:2a:b0:4a:e0  26128479 0 19855993 0 0
>                              01:00:5e:00:00:01  0 0
> rl0     1492  1.1.1.1&0x101  1.1.1.1            0 - 2653 - -
>                              ALL-SYSTEMS.MCAST
> vr0     1500                 00:30:18:ad:26:88  12662831 0 17678949 0 0
>                              01:00:5e:00:00:01  2038 0
> vr0     1500  192.168.113.0  xyz                9745471 - 13639692 - -
>                              ALL-SYSTEMS.MCAST
> vr0     1500  192.168.113.0  mail.xyz.a         291626 - 86404 - -
>                              ALL-SYSTEMS.MCAST
> vr0     1500  192.168.113.0  http.xyz.a         6814 - 770 - -
>                              ALL-SYSTEMS.MCAST
> lo0     16384                                   113929 0 113929 0 0
> lo0     16384 fe80:3::1      fe80:3::1          0 - 0 - -
>                              ff01:3::1 (refs: 1)
>                              ff02:3::2:a61d:93b4 (refs: 1)
>                              ff02:3::1 (refs: 1)
>                              ff02:3::1:ff00:1 (refs: 1)
> lo0     16384 localhost      ::1                0 - 0 - -
>                              ff01:3::1 (refs: 1)
>                              ff02:3::2:a61d:93b4 (refs: 1)
>                              ff02:3::1 (refs: 1)
>                              ff02:3::1:ff00:1 (refs: 1)
> lo0     16384 your-net       localhost          433 - 2433 - -
>                              ALL-SYSTEMS.MCAST
> pflog   33204                                   0 0 80567 0 0
> tun0*   1500                                    78331 0 76381 0 0
> tun99   1500                                    353 0 375 0 0
> ng0     1492                                    17114096 0 13449463 0 0
> ng0     1492  85.176.145.31  e176145031.adsl.a  12398 - 17011 - -
>                              ALL-SYSTEMS.MCAST
> "
>
> mpd.conf:
> "
> default:
>         load PPPoE
>
> PPPoE:
>         new -i ng0 PPPoE PPPoE
>         set iface addrs 1.1.1.1 2.2.2.2

Maybe you should delete the above line as well. I don't remember what "iface addrs" does, but you'll get the IP addresses via IPCP, so it
pppoe routing problem, default route isnt used for some hosts
Hello, I have an strange routing problem. I can't connect to some hosts in the internet till I add an explicit route for this hosts with my default gw as gateway. There aren't any other routes that could match the destination IP for "non-working hosts". So the connection should also without an explicit route for this Hosts use the default gw. My Setup: FreeBSD 7.2-RELEASE mppd to make an PPPOE connection to my internet service provider. PF as firewall To isolate the problem I used an minimal pf.conf: --- "inetif=ng0 lanif=vr0 scrub all max-mss 1492 pass quick on lo0 all pass out on $inetif proto { tcp udp icmp } all keep state" pass on $lanif from any to any --- I also tried pppd instead of mppd(dont helps). Hosts that I can't connect to, are ie spiegel.de, tagesschau.de, freebsd.org southparkstudios.com I.e TCP connections to Port 80 of southparkstudios.com dont work. If I add an explicit route: "route add southparkstudios.com 213.191.84.199" Connections with nc to port 80 works (the connections tests are made from the router, the iface MTUs are correct) Anybody have an idea what could be wrong? I have no idea anymore (its also not an provider problem, when i made the pppoe connection from windows I can connect to alls hosts) thanks for any hints:) best regards Fabian --------- My routing table: " # netstat -ra Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire defaultlo1.br04.weham.de. UGS 015505ng0 1.1.1.1&0x1010101 link#1 UC 00rl0 exxx45031.adsl.al lo0UHS 00lo0 localhost localhost UH 0 433lo0 192.168.113.0 link#2 UC 00vr0 xyz 00:30:18:ad:26:88 UHLW124005lo0 mail.xyz.ath.cx 00:30:18:ad:26:88 UHLW186400lo0 http.xyz.ath.cx 00:30:18:ad:26:88 UHLW1 770lo0 192.168.113.255ff:ff:ff:ff:ff:ff UHLWb 1 3228vr0 lo1.br04.weham.de. e176145031.adsl.al UH 10ng0 [... 
ipv6 stuff] " Interface infos: " # netstat -ira NameMtu Network Address Ipkts IerrsOpkts Oerrs Coll rl01492 00:02:2a:b0:4a:e0 26128479 0 19855993 0 0 01:00:5e:00:00:010 0 rl01492 1.1.1.1&0x101 1.1.1.1 0 - 2653 - - ALL-SYSTEMS.MCAST vr01500 00:30:18:ad:26:88 12662831 0 17678949 0 0 01:00:5e:00:00:01 2038 0 vr01500 192.168.113.0 xyz 9745471 - 13639692 - - ALL-SYSTEMS.MCAST vr01500 192.168.113.0 mail.xyz.a 291626 -86404 - - ALL-SYSTEMS.MCAST vr01500 192.168.113.0 http.xyz.a 6814 - 770 - - ALL-SYSTEMS.MCAST lo0 16384 113929 0 113929 0 0 lo0 16384 fe80:3::1 fe80:3::10 -0 - - ff01:3::1 (refs: 1) ff02:3::2:a61d:93b4(refs: 1) ff02:3::1 (refs: 1) ff02:3::1:ff00:1 (refs: 1) lo0 16384 localhost ::1 0 -0 - - ff01:3::1 (refs: 1) ff02:3::2:a61d:93b4(refs: 1) ff02:3::1 (refs: 1) ff02:3::1:ff00:1 (refs: 1) lo0 16384 your-net localhost 433 - 2433 - - ALL-SYSTEMS.MCAST pflog 332040 080567 0 0 tun0* 150078331 076381 0 0 tun99 1500 353 0 375 0 0 ng01492 17114096 0 13449463 0 0 ng01492 85.176.145.31 e176145031.adsl.a12398 -17011 - - ALL-SYSTEMS.MCAST " mpd.conf: " default: load PPPoE PPPoE: new -i ng0 PPPoE PPPoE set iface addrs 1.1.1.1 2.2.2.2 set iface route default set iface enable on-demand set iface idle 0 set bundle disable multilink set bundle authname "xxy" set iface disable tcpmssfix set link no acfcomp protocomp set link disable pap chap set link accept chap set link mtu 1492 set link mru 1492 set link keep-alive 10 60 set ipcp yes vjcomp set iface enable tcpmssfix#I know pf also do this in my setup, but Iam despaired:) set ipcp ranges 0.0.0.0/0 0.
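Added example (not code from any of the posts): a small model of the FreeBSD route lookup, run over the two netstat -rn tables in the "Routing issue?" thread and the pppoe thread above. It shows why the two /29 addresses leave nothing for em1 to route, and how the leftover 1.1.1.1&0x1010101 entry with its non-contiguous mask beats the default route for one address in sixteen. The tables are reconstructed from the posts; the gateway in the pppoe table is assumed to be the address Fabian used in his explicit route, and only numeric (-n) IPv4 output is parsed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Route:
    """One IPv4 line of netstat -rn, Destination decoded to (net, mask) ints."""
    net: int
    mask: int
    gateway: str
    flags: str
    netif: str

    def matches(self, dst: str) -> bool:
        # Bitwise comparison under the mask: this is also how the kernel
        # treats a non-contiguous mask such as &0x1010101.
        d = int(ipaddress.IPv4Address(dst))
        return (d & self.mask) == (self.net & self.mask)

    @property
    def specificity(self) -> int:
        return bin(self.mask).count("1")

    @property
    def address_share(self) -> float:
        """Fraction of all IPv4 addresses this entry covers: 2**-(mask bits)."""
        return 2.0 ** -self.specificity


def classful_mask(addr: int) -> int:
    """Mask that old netstat omits when it prints a bare network address."""
    first_octet = addr >> 24
    if first_octet < 128:
        return 0xFF000000
    if first_octet < 192:
        return 0xFFFF0000
    return 0xFFFFFF00


def parse_destination(dest: str, flags: str):
    if dest == "default":
        return 0, 0
    if "&" in dest:                          # a.b.c.d&0xMASK: non-contiguous mask
        addr, mask = dest.split("&", 1)
        return int(ipaddress.IPv4Address(addr)), int(mask, 16)
    if "/" in dest:                          # a.b.c.d/n
        net = ipaddress.IPv4Network(dest, strict=False)
        return int(net.network_address), int(net.netmask)
    addr = int(ipaddress.IPv4Address(dest))  # bare: host route or classful net
    return addr, (0xFFFFFFFF if "H" in flags else classful_mask(addr))


def parse_table(text: str) -> List[Route]:
    """Parse 'Destination Gateway Flags Refs Use Netif [Expire]' lines;
    the header and blank lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Destination":
            continue
        net, mask = parse_destination(fields[0], fields[2])
        routes.append(Route(net, mask, fields[1], fields[2], fields[5]))
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Most specific matching entry wins.  Ranking by mask bit count agrees
    with the kernel's radix tree for the cases modelled here (host beats
    /29 beats default; the 4-bit bogus mask beats the 0-bit default)."""
    best = None
    for r in routes:
        if r.matches(dst) and (best is None or r.specificity > best.specificity):
            best = r
    return best


def egress_interfaces(routes: List[Route]) -> Set[str]:
    """Interfaces that can carry traffic at all according to the table."""
    return {r.netif for r in routes}


# Constructed from the "Routing issue?" post: one /29 on em0 (link#1) and
# em1 (link#2), yet the only link route is the em0 one.
ROUTING_ISSUE_TABLE = """
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            70.89.123.6        UGS         7     1090    em0
70.89.123.0/29     link#1             U           2      837    em0
70.89.123.4        link#2             UHS         0       25    lo0
70.89.123.5        link#1             UHS         0        0    lo0
127.0.0.1          link#5             UH          0      863    lo0
"""

# Constructed from the pppoe post: the entry left behind by
# "set iface addrs 1.1.1.1 2.2.2.2"; gateway address is an assumption.
PPPOE_TABLE = """
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            213.191.84.199     UGS         0    15505    ng0
1.1.1.1&0x1010101  link#1             UC          0        0    rl0
127.0.0.1          127.0.0.1          UH          0      433    lo0
192.168.113.0      link#2             UC          0        0    vr0
"""

if __name__ == "__main__":
    pppoe = parse_table(PPPOE_TABLE)
    bogus = next(r for r in pppoe if r.netif == "rl0")
    print("share of all destinations sent to rl0 instead of ng0:", bogus.address_share)
    for dst in ("3.5.7.9", "213.191.84.199"):       # all-odd octets vs. an even one
        print(dst, "->", lookup(pppoe, dst).netif)
    print("em1 is an egress interface:", "em1" in egress_interfaces(parse_table(ROUTING_ISSUE_TABLE)))
```

Any destination whose four octets are all odd matches the bogus entry and is ARPed for on rl0 instead of going out ng0, which is the "some hosts work, some don't" symptom reported in the thread.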
Re: strange routing behaviour with openvpn
Hi, Neo--

On Apr 24, 2009, at 3:26 PM, Neo [GC] wrote:
> After my router gets a new IP, the openvpn client reconnects to the server and the tunnel is usable from free...@home to free...@external. But: I have one Vista and one OSX at home, both have static routes to the FreeBSD-box. They are able to use the tunnel, when the openvpn-client is freshly started. After getting a new IP from my ISP, the tunnel is up (and - as I wrote - the FreeBSD is able to use it), but the two other boxes don't get routed through the tunnel, but the default gateway. When I restart the openvpn-client, everything works again like it should.

Not enough info to tell, but, consider the output of "netstat -nr" before and after the IP reassignment, and you'll probably notice a routing table change which is causing your other LAN clients to send traffic the wrong way.

Regards,
--
-Chuck
strange routing behaviour with openvpn
Hi,

I'm using openvpn to connect my vpn-gateway at home to an external server, both are FreeBSD boxes (6.2-STABLE). The external server has a fixed IP, the client at home connects to a router, which gets a new IP every 24 hours. The client is configured as router (gateway_enable="YES") which works... at least sometimes.

After my router gets a new IP, the openvpn client reconnects to the server and the tunnel is usable from free...@home to free...@external. But: I have one Vista and one OSX at home, both have static routes to the FreeBSD-box. They are able to use the tunnel, when the openvpn-client is freshly started. After getting a new IP from my ISP, the tunnel is up (and - as I wrote - the FreeBSD is able to use it), but the two other boxes don't get routed through the tunnel, but the default gateway. When I restart the openvpn-client, everything works again like it should.

Sample output of traceroute when openvpn is restarted:

  1    <1 ms    <1 ms    <1 ms  wintermute [192.168.2.2]
  2    29 ms    30 ms    32 ms  GOTHNET [10.10.0.1]

(works)

After router gets new external IP:

  1    <1 ms    <1 ms    <1 ms  wintermute [192.168.2.2]
  2    <1 ms    <1 ms    <1 ms  192.168.2.1
  3    19 ms    19 ms    19 ms  217.0.119.195
  4  217.0.89.70 meldet: Zielhost nicht erreichbar.

Any advice? :(

Regards,
Neo [GC]
Re: FreeBSD Networking Questions / vlan, lagg, routing, FIBs, ezjail
> Now, it is my suspicion that the apparent need for promisc at the router
> end indeed is an apparent one and not really the router's fault but rather
> the other end's. The other end, in this case, is the server below.
>
> If the server, with its single MIB, default-routes its packets through one
> specific of its vlans which may not be the one, at the router's end, with
> the corresponding IP network the traffic entered into the net, would it be
> possible that there's something preventing them from being received? Unless
> there's promisc on, of course...
>
> I'll grab the laptop next time I think of it and have the switch monitor
> traffic to it to see what really is on the wire, maybe that helps and gives
> me a clue. I just keep forgetting the bl**dy thing each time I leave...

Ok, after a good portion of fiddling with the switch, it seems that you
cannot copy traffic from link-aggregated ports to a monitor port on a
Linksys SRW2016. Now I'm at my wits' end here, it seems. I'll try the FIB
approach hopefully next week then.

> > > - On my "server", is there any way to set up individual
> > > "default" routes (to the router) for each of the vlans short of
> > > tucking the ezjails behind the vlan interfaces each into their own
> > > FIB (btw., has anyone ever done that?)?
> >
> > Yes, from FreeBSD-7.1 and beyond, there is support
> > for up to 16 routing tables. Use the setfib command
> > to select routing table for outgoing connections.
>
> So, I interpret your response as that I am correct, I have a single
> default route per FIB, and that's it. Which effectively means that I do need
> FIBs. I agree that this behaviour might make some sense :)
>
> > Something like, "setfib 10 jail $JAILOPTSANDARGS",
> > in the jail case. You have to compile a kernel
> > with the option ROUTETABLES=n. Read the message for
> > revision 1.1485 from here:
> > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/conf/NOTES
> (...)
> Generally speaking, or rather, inquiring, has anyone ever done FIBs with
> ezjail? It probably is very easy, and I consider(ed) looking into it myself
> but I currently spend about max. an hour every 2-3 days on FreeBSD so I
> don't really progress. Well, might eventually, but that'll be dunno when. But
> well, such is life, and this is pleasure not work :) and I hope to learn
> something useful on the way.
(...)
> [1]
> http://lists.freebsd.org/pipermail/freebsd-arch/2007-December/007331.html

Regards,
Peter.
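The quoted reply above sketches the mechanism (one routing table per FIB, `setfib` to pick the table, a kernel built with `options ROUTETABLES=n`) without showing how a VLAN/jail pair is actually wired into it. The script below is an added example, not code from this thread or from ezjail: it populates one FIB per VLAN with only that VLAN's connected network and a default route via the router's address on that VLAN, then starts the jail inside that FIB with the 7.x command-line form of jail(8) that the reply uses. Because the FIB holds nothing else, a jail running in it cannot fall through to the host's FIB 0 default route and reach a different VLAN, which is the isolation one wants from per-VLAN jails. Interface names, addresses, FIB numbers, jail paths and the NET_FIBS override are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: give each VLAN (and the jail behind
# it) its own FIB so that every jail has its own default route, using
# setfib(1) on a kernel built with "options ROUTETABLES=n" (FreeBSD 7.1+).
# Interface names, addresses, FIB numbers and jail paths are assumptions.

# Is FIB $1 usable on a kernel with $2 routing tables (sysctl net.fibs)?
# Valid FIBs are 0 .. net.fibs-1; FIB 0 is the default table.
fib_in_range() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -lt "$2" ]
}

# Print the route(8) commands that populate one FIB: the VLAN's connected
# network and a default route via the router's address on that VLAN.
# $1 = FIB, $2 = VLAN interface, $3 = network/prefix, $4 = gateway
fib_route_cmds() {
    printf 'setfib %s route -n add -net %s -iface %s\n' "$1" "$3" "$2"
    printf 'setfib %s route -n add default %s\n' "$1" "$4"
}

# Print the jail(8) invocation (7.x command-line form, as in the quoted
# reply) that starts a jail inside FIB $1; its processes inherit the FIB.
# $1 = FIB, $2 = jail root, $3 = hostname, $4 = jail IP
jail_cmd() {
    printf 'setfib %s jail %s %s %s /bin/sh /etc/rc\n' "$1" "$2" "$3" "$4"
}

# Apply (or, with DRY_RUN=1, only print) the commands for one VLAN/jail.
# NET_FIBS overrides the sysctl so dry runs work on non-FreeBSD hosts.
# $1 = FIB, $2 = VLAN if, $3 = net/prefix, $4 = gateway,
# $5 = jail root, $6 = jail hostname, $7 = jail IP
setup_vlan_fib() {
    nfibs=${NET_FIBS:-$(sysctl -n net.fibs 2>/dev/null || echo 1)}
    if ! fib_in_range "$1" "$nfibs"; then
        echo "FIB $1 not available: kernel has net.fibs=$nfibs" >&2
        return 1
    fi
    { fib_route_cmds "$1" "$2" "$3" "$4"; jail_cmd "$1" "$5" "$6" "$7"; } |
    while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        else
            # "route: ... File exists" only means the kernel already
            # installed the connected route in this FIB; carry on.
            eval "$cmd" || echo "warning: failed: $cmd" >&2
        fi
    done
}

# `sh thisfile --demo` prints the commands for an assumed layout:
# VLAN 10 -> FIB 1 (jail "web"), VLAN 20 -> FIB 2 (jail "db").
if [ "${1:-}" = "--demo" ]; then
    DRY_RUN=1; NET_FIBS=${NET_FIBS:-16}
    setup_vlan_fib 1 vlan10 10.0.10.0/24 10.0.10.1 /usr/jails/web web 10.0.10.2
    setup_vlan_fib 2 vlan20 10.0.20.0/24 10.0.20.1 /usr/jails/db  db  10.0.20.2
fi
```

Before trusting it on a real box, confirm the kernel actually has the tables (`sysctl net.fibs` should report the ROUTETABLES value, not 1) and inspect each table with `setfib 1 netstat -rn`; a FIB that shows only the connected network and its default route is doing its job, while an empty one means the jail has no route at all rather than a wrong one.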