Re: Routed and netmask...

2007-02-05 Thread Nikos Vassiliadis
On Saturday 03 February 2007 22:08, Thiago Esteves de Oliveira wrote:
> Hi,
> 
> I'm using "FreeBSD 6.2 Stable" with routed to connect networks (gateway)
> 
> 
>             THE INTERNET
>                  |
>                  |
> 
>        |  eee.eee.eee.0/26  |
> 
>                  |
>                  |
>          eee.eee.eee.11/26
>               ROUTER
>            iii.iii.iii.1
>                  |
>                  |
> 
>        |  iii.iii.iii.0/24 |  "My Network"
> 
> 
> 
> The problem...
> 
> The system is routing, but only to iii.iii.iii.0/26 .
> 
> Look... my rc.conf
> 
> ifconfig_em0="inet iii.iii.iii.1 netmask 255.255.255.0"
> ifconfig_sk0="inet eee.eee.eee.11 netmask 255.255.255.192"
> 
> defaultrouter="eee.eee.eee.1"
> router_enable="YES"
> router_flags="-s"
> gateway_enable="YES"
> router="/sbin/routed"
> 

routed uses by default ripv1, which is classful.
That means that your net/26 surely won't work.
I doubt your other_net/24 is a C class network
(from 192.0.0.0/24 to 223.255.255.0/24).

Use ripv2 explicitly ("-P ripv2") and see what's
going on. You can use rtquery to query routed.
Check the neighbour routeds as well. Be sure
to check the in-kernel routing table using
"netstat -r".

Hope this helps, Nikos
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
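
Added example, not part of the original thread and not routed's own code: a simplified model of how a RIPv1 listener guesses the mask of an advertised destination, which is why a /24 inside network can end up routed as a /26. The thread's addresses are masked, so the 172.16.x.x, 10.1.1.1 and 192.0.2.0 values below are constructed, and the function names are hypothetical.

```python
import ipaddress

def classful_prefix(addr):
    """Natural (class A/B/C) prefix length implied by the first octet."""
    first_octet = int(ipaddress.IPv4Address(str(addr))) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{addr} is class D/E, not a unicast network")

def major_net(addr):
    """Classful network that contains addr."""
    return ipaddress.ip_network(f"{addr}/{classful_prefix(addr)}", strict=False)

def ripv1_learned_route(advertised, rx_iface):
    """Route a RIPv1 listener derives from a destination that carries no mask.

    advertised: the 4-byte destination from the RIPv1 entry, as a string.
    rx_iface:   the receiving interface in CIDR form, e.g. "172.16.9.1/26".
    """
    iface = ipaddress.ip_interface(rx_iface)
    dest = ipaddress.IPv4Address(advertised)
    if dest in major_net(iface.ip):
        prefix = iface.network.prefixlen   # same major net: borrow own mask
    else:
        prefix = classful_prefix(dest)     # foreign net: class mask only
    guess = ipaddress.ip_network(f"{dest}/{prefix}", strict=False)
    if guess.network_address != dest:
        # Bits left below the guessed mask: the entry is read as a host route.
        return ipaddress.ip_network(f"{dest}/32")
    return guess

# Constructed cases: (advertised destination, receiving interface)
SAMPLES = [
    ("172.16.5.0", "172.16.9.1/26"),   # inside /24 seen from the /26 side
    ("172.16.5.64", "172.16.9.1/24"),  # a /26 subnet seen from a /24 side
    ("172.16.0.0", "10.1.1.1/26"),     # different major network
]

if __name__ == "__main__":
    for dest, iface in SAMPLES:
        print(f"{dest:<12} via {iface:<15} -> {ripv1_learned_route(dest, iface)}")
```

RIPv2 entries carry the subnet mask, so no such guess is made once both ends speak ripv2.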


RE: Routed and netmask...

2007-02-03 Thread Grzegorz Pluta
> The top interface address is wrong. It can't be eee.eee.eee.11 with /26 
> mask.
> The lowest address with this mask is 193.

Oops... I'm wrong here of course... The address is correct ;]






RE: Routed and netmask...

2007-02-03 Thread Grzegorz Pluta
If eee.eee.eee.0/26 is a separate network (which I guess it is) there needs
to be a routing device there too. How can a packet find its way to the
internet? The router sees only the eee.eee.eee.0 network on its port (not
mentioning the iii.iii.iii.0 network from which the packet travels).

It is also possible that I'm missing something. Your network visualization is
kinda weird...
The top interface address is wrong. It can't be eee.eee.eee.11 with /26 mask.
The lowest address with this mask is 193.

What actually is this eee network? How did you connect your eee network to
the internet? For me it makes little sense...

Sorry if I'm wrong. Please explain more!
Cheers,
greg
> Hi,
> 
> I'm using "FreeBSD 6.2 Stable" with routed to connect
> networks (gateway)
> 
> 
>             THE INTERNET
>                  |
>                  |
> 
>        |  eee.eee.eee.0/26  |
> 
>                  |
>                  |
>          eee.eee.eee.11/26
>               ROUTER
>            iii.iii.iii.1
>                  |
>                  |
> 
>        |  iii.iii.iii.0/24 |  "My Network"
> 
> 
> 
> The problem...
> 
> The system is routing, but only to iii.iii.iii.0/26 .
> 
> Look... my rc.conf
> 
> ifconfig_em0="inet iii.iii.iii.1 netmask 255.255.255.0"
> ifconfig_sk0="inet eee.eee.eee.11 netmask 255.255.255.192"
> 
> defaultrouter="eee.eee.eee.1"
> router_enable="YES"
> router_flags="-s"
> gateway_enable="YES"
> router="/sbin/routed"




Re: routed vpn between two freebsd machines

2005-09-16 Thread Frank Mueller - emendis GmbH

10.8.0.1 is your server's IP!
According to the manpage the parameter
"server 10.8.0.0 255.255.255.0"
sets the router to 10.8.0.1.
Why do you push a route to 192.168.2.0/24??? Do you have such a subnet?

Greetz,

Ice

dave schrieb:

Hello,
My apologies if this is a repost, I didn't see it go through.
I'm trying to set up a routed vpn between two freebsd 5.4 machines.
Currently they're on the same physical subnet, 192.168.0.x to make testing
easier and for vpn they're using 10.8.0.x. My first problem, although both
server and client start, I can only ping the client's ip address 10.8.0.6,
not the server's of 10.8.0.5, and an IP of 10.8.0.1 is also showing up.
Eventually I'd like to add windows boxes accessing the vpn via samba and
remote clients from beyond the firewall, but I'd like to know if my basic
configuration looks good.
Any help appreciated.
Thanks.
Dave.

client:
openvpn.conf:
client
dev tun
proto udp
remote 192.168.0.3 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
mute-replay-warnings
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key
ns-cert-type server
tls-auth keys/ta.key 1
comp-lzo
status openvpn-status.log
log openvpn.log
verb 3
mute 20

server:
openvpn.conf:
local 192.168.0.3
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/vpn.crt
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.2.0 255.255.255.0"
client-to-client
keepalive 10 120
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
mute 20

server:
OpenVPN CLIENT LIST
Updated,Fri Sep 16 11:09:42 2005
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client1,192.168.0.4:53537,75321,75571,Fri Sep 16 08:18:50 2005
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,client1,192.168.0.4:53537,Fri Sep 16 10:34:37 2005
GLOBAL STATS
Max bcast/mcast queue length,0
END

server:
Fri Sep 16 00:10:50 2005 OpenVPN 2.0.2 i386-portbld-freebsd5.4 [SSL] [LZO]
built on Aug 30 2005
Fri Sep 16 00:10:50 2005 Diffie-Hellman initialized with 2048 bit key
Fri Sep 16 00:10:50 2005 Control Channel Authentication: using 'keys/ta.key'
as a OpenVPN static key file
Fri Sep 16 00:10:50 2005 Outgoing Control Channel Authentication: Using 160
bit message hash 'SHA1' for HMAC authentication
Fri Sep 16 00:10:50 2005 Incoming Control Channel Authentication: Using 160
bit message hash 'SHA1' for HMAC authentication
Fri Sep 16 00:10:50 2005 TLS-Auth MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0
EL:0 ]
Fri Sep 16 00:10:50 2005 gw 192.168.0.254
Fri Sep 16 00:10:50 2005 TUN/TAP device /dev/tun0 opened
Fri Sep 16 00:10:50 2005 /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500
netmask 255.255.255.255 up
Fri Sep 16 00:10:50 2005 /sbin/route add -net 10.8.0.0 10.8.0.2
255.255.255.0
add net 10.8.0.0: gateway 10.8.0.2
Fri Sep 16 00:10:50 2005 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135
ET:0 EL:0 AF:3/1 ]
Fri Sep 16 00:10:50 2005 GID set to nobody
Fri Sep 16 00:10:50 2005 UID set to nobody
Fri Sep 16 00:10:50 2005 UDPv4 link local (bound): 192.168.0.3:1194
Fri Sep 16 00:10:50 2005 UDPv4 link remote: [undef]
Fri Sep 16 00:10:50 2005 MULTI: multi_init called, r=256 v=256
Fri Sep 16 00:10:50 2005 IFCONFIG POOL: base=10.8.0.4 size=62
Fri Sep 16 00:10:50 2005 IFCONFIG POOL LIST
Fri Sep 16 00:10:50 2005 Initialization Sequence Completed
Fri Sep 16 08:18:50 2005 MULTI: multi_create_instance called
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 Re-using SSL/TLS context
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 LZO compression initialized
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 Control Channel MTU parms [
L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 Data Channel MTU parms [ L:1542
D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 Local Options hash (VER=V4):
'14168603'
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 Expected Remote Options hash
(VER=V4): '504e774e'
Fri Sep 16 08:18:50 2005 192.168.0.4:53537 TLS: Initial packet from
192.168.0.4:53537, sid=c06f4d68 1e59a37e
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 VERIFY OK: depth=1,
/C=US/ST=OH/L=ENGLEWOOD/O=davemehler.com_OpenVPN/CN=OpenVPN-CA/emailAddress=
[EMAIL PROTECTED]
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 VERIFY OK: depth=0,
/C=US/ST=OH/O=davemehler.com_OpenVPN/CN=client1/[EMAIL PROTECTED]
ehler.com
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 Data Channel Encrypt: Cipher
'BF-CBC' initialized with 128 bit key
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 Data Channel Encrypt: Using 160
bit message hash 'SHA1' for HMAC authentication
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 Data Channel Decrypt: Cipher
'BF-CBC' initialized with 128 bit key
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 Data Channel Decrypt: Using 160
bit message hash 'SHA1' for HMAC authentication
Fri Sep 16 08:18:51 2005 192.168.0.4:53537 Control Channel: TLSv1, cipher
TLSv1/SSLv3 DHE-RS
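
Added example, not part of the original messages and not OpenVPN's own code: it works out the addresses that `server 10.8.0.0 255.255.255.0` implies with `dev tun`, assuming the per-client /30 layout that the log above reflects (`ifconfig tun0 10.8.0.1 10.8.0.2`, `IFCONFIG POOL: base=10.8.0.4 size=62`). The function names are hypothetical. It shows where 10.8.0.1, 10.8.0.5 and 10.8.0.6 come from: 10.8.0.5 is only the server-side end of client1's /30, while the server itself is 10.8.0.1.

```python
import ipaddress

def server_directive_layout(network, netmask):
    """Addresses implied by `server <network> <netmask>` on a tun device."""
    net = ipaddress.ip_network(f"{network}/{netmask}")
    base = int(net.network_address)
    pool_start = base + 4                        # first /30 is the server's
    pool_end = int(net.broadcast_address) - 4    # last /30 is left unused
    return {
        "server_local": ipaddress.IPv4Address(base + 1),
        "server_peer": ipaddress.IPv4Address(base + 2),
        "pool_base": ipaddress.IPv4Address(pool_start),
        "pool_size": (pool_end - pool_start + 1) // 4,
    }

def client_slot(network, netmask, index):
    """The /30 block given to the index-th client (0-based)."""
    layout = server_directive_layout(network, netmask)
    if not 0 <= index < layout["pool_size"]:
        raise IndexError("client index outside the address pool")
    block = int(layout["pool_base"]) + 4 * index
    first = ipaddress.IPv4Address(block)
    return {
        "subnet": ipaddress.ip_network(f"{first}/30"),
        "server_side_endpoint": ipaddress.IPv4Address(block + 1),
        "client_address": ipaddress.IPv4Address(block + 2),
    }

if __name__ == "__main__":
    # Values taken from the server config quoted in the thread.
    print(server_directive_layout("10.8.0.0", "255.255.255.0"))
    print(client_slot("10.8.0.0", "255.255.255.0", 0))
```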

Re: routed daemon

2005-05-17 Thread Lowell Gilbert
Jim Pazarena <[EMAIL PROTECTED]> writes:

> Can the routed daemon co-exist with a CISCO router which, by default,
> also responds to routing requests?
> 
> The reason I ask, is that I accidentally installed routed, and it
> was running, and my whole network came to a grinding halt, until
> I de-activated routed. I had not set up *any* configuration file
> or anything other than installing the port (by accident).
> 
> So did this halt my system because I had no configuration file, or
> because routed cannot co-exist with (in this case) my telco provided
> CISCO gateway router?

Certainly they *can* co-exist, but in your case there is no reason for
them to do so.  Your routed doesn't know about any routes that the
Cisco doesn't.  This is also (most likely) where the problem came
from; your routed was probably advertising routes that went through
the Cisco, causing the Cisco to pick up those routes through the
FreeBSD box, causing a routing loop.  In ordinary routing situations,
"split horizon" would keep this from happening, but because the
default route was configured statically, routed couldn't detect this.


Re: routed(8)

2004-04-22 Thread Thomas Beer
Try to put two lines in /etc/gateways

if=fxp2 passive
if=fxp3 passive

Cheers Tom

> Is it possible to have routed(8) ignore certain ethernet interfaces.
>
> For example, on a device with fxp[0-3], I only need routed to
> interact with fxp[0-1], and to ignore the existence of fxp[2-3].
>
> TIA,
> rip
>



Re: routed

2003-12-15 Thread Ion-Mihai Tetcu
On Mon, 15 Dec 2003 16:33:20 -0800 (PST)
Valerian Galeru <[EMAIL PROTECTED]> wrote:

> I want to understand about these routing tables. I
> run route flush (to remove all routes, gateways...).
> Yes, all the routes are deleted (I try a web browser
> and I get an error), but when I run netstat -r, I
> don't see that. When I want to get the routing
> table again, I run routed (probably this is what I need for
> regetting the routing table) and when I try a web page
> on the web browser, it shows me the same error as in
> the case of the deleted routing table. Probably I did
> something wrong... 

Do you have a default gateway in your rc.conf?

> Thank you very much for support

Contrary to popular belief, routed(8) is not necessary when running a
standalone computer or even a simple gateway. I've spent half a day
arguing with a friend on that, just to discover, to the amusement of us
both, that the cables were plugged each in the other NIC ;)

Try disabling the routed_enable line in /etc/rc.conf or change it to "NO",
reboot and you should have a network connection, provided that you have a
defaultrouter="xxx.xxx.xxx.xxx" in the above file.

Routed(8) uses RIP - Route Information Protocol, an interior gateway
protocol, which is suitable to use on small networks, which it uses to
get routing tables from neighbour routers in order to build up a routing
table.

When you flush the routes you delete the default route set in rc.conf,
so your system does not know where to send packets for networks other
than those directly connected.

Example:

Normal operation, without routed (I don't paste ipv6):
it>/home/itetcu# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGSc        5        0    rl0
127.0.0.1          127.0.0.1          UH          0        4    lo0
192.168.0          link#1             UC          1        0    rl0
192.168.0.1        00:e0:4c:55:c3:13  UHLW        6       56    rl0


it>/home/itetcu# route flush
it>/home/itetcu# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
127.0.0.1          127.0.0.1          UH          0        4    lo0
192.168.0          link#1             UC          1        0    rl0
192.168.0.1        00:e0:4c:55:c3:13  UHLW        0      190    rl0   1030


The default route has gone away, the directly connected networks are still present.

it>/home/itetcu# ping www.freebsd.org
PING www.freebsd.org (216.136.204.117): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C

Note that www.freebsd.org resolves to 216.136.204.177 because I have a
name server on 192.168.0.1 which is on a directly connected network:

it>/home/itetcu# route get 192.168.0.1
   route to: 192.168.0.1
destination: 192.168.0.1
  interface: rl0
  flags: 
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500       820

Now if I add back the default route with:

it>/home/itetcu# route add default 192.168.0.1 0.0.0.0
add net default: gateway 192.168.0.1
it>/home/itetcu# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGSc        0        0    rl0
127.0.0.1          127.0.0.1          UH          0        4    lo0
192.168.0          link#1             UC          1        0    rl0
192.168.0.1        00:e0:4c:55:c3:13  UHLW        1      222    rl0    935

I get my freebsd connection back:
it>/home/itetcu# ping www.freebsd.org
PING www.freebsd.org (216.136.204.117): 56 data bytes
64 bytes from 216.136.204.117: icmp_seq=0 ttl=50 time=242.811 ms
^C

All this time:
it>/home/itetcu# ps axw | grep routed
returns nada.

Reference, besides the man pages:
http://www.onlamp.com/pub/a/bsd/2000/08/23/FreeBSD_Basics.html
and the rest of the networking articles from there.

-- 
IOnut
Unregistered ;) FreeBSD user


Solved! Was: Re: routed 'forgets' it's path (or something)

2003-06-27 Thread freeBSD
Odd, but the so simple solution, which however I can't explain, was to do
a:

route add default 192.168.0.1 

(192.168.0.1 is my gateway)


If someone can explain how the system could work for a while after the
route daemon was started and then suddenly forget all routing tables it
would be great, however it works for me now so I'm pleased again! ;)

 


On Sat, 2003-06-28 at 00:04, freeBSD wrote:
> I have run into a strange problem:
> 
> Suddenly my NIC has no routing tables, so name lookups etc. don't work.
> 
> The only solution is to SU and kill routed and then start it again.
> 
> Everything will then work for an hour or so and then I'm back on step
> one again.
> 
> I have laborated with cvsup etc. the last day, so it's probably something
> that's been changed, but I'm too novice to understand what.
> 
> I am running 5.0p7 now.
> 
