Re: Route for a special IP
vip="192.168.1.200" pass in quick from $vip to !192.168.1.0/24 route-to tun0 pass out quick on tun0 from $vip to any nat-to tun0 Best regards, Zhi-Qiang Lei > On Mar 12, 2015, at 1:34 PM, Zhi-Qiang Lei wrote: > > Thank you. This fix my problem. > > pass in quick from $vip to !192.168.1.0/24 route-to tun0 > pass out quick on tun0 from $vip to any nat-to tun0 > > Best regards, > Zhi-Qiang Lei > >> On Mar 12, 2015, at 4:54 AM, Giancarlo Razzolini mailto:grazzol...@gmail.com>> wrote: >> >> On 11-03-2015 12:39, Zhi-Qiang Lei wrote: >>> I have a OpenBSD 5.6 router with two external interfaces pppoe0 and tun0. >> >> I am assuming the pppoe0 connects directly to the internet and tun0 also >> has internet connectivity at the other end of the tunnel, right? >> >>> >>> Generally, all packets will go through pppoe0. However, now I have a special >>> client with IP 192.168.1.200, is it possible to force it to use tun0? Thanks. >> You can do this with a simple route-to rule: >> >> pass in quick from 192.168.1.200 to any route-to tun0 >> >> If tun0 has a fixed gateway address you can change the rule to: >> >> pass in quick from 192.168.1.200 to any route-to (tun0 gateway) >> >> Cheers, >> Giancarlo Razzolini
Re: Route for a special IP
Thank you. This fix my problem. pass in quick from $vip to !192.168.1.0/24 route-to tun0 pass out quick on tun0 from $vip to any nat-to tun0 Best regards, Zhi-Qiang Lei > On Mar 12, 2015, at 4:54 AM, Giancarlo Razzolini wrote: > > On 11-03-2015 12:39, Zhi-Qiang Lei wrote: >> I have a OpenBSD 5.6 router with two external interfaces pppoe0 and tun0. > > I am assuming the pppoe0 connects directly to the internet and tun0 also > has internet connectivity at the other end of the tunnel, right? > >> >> Generally, all packets will go through pppoe0. However, now I have a special >> client with IP 192.168.1.200, is it possible to force it to use tun0? Thanks. > You can do this with a simple route-to rule: > > pass in quick from 192.168.1.200 to any route-to tun0 > > If tun0 has a fixed gateway address you can change the rule to: > > pass in quick from 192.168.1.200 to any route-to (tun0 gateway) > > Cheers, > Giancarlo Razzolini
Re: Route for a special IP
On 2015-03-11 10:58 PM, Zhi-Qiang Lei wrote: > It was just a router which does NAT for local devices in > 192.168.1.0/24. The external interface, of cause, was pppoe0. Now for > some reason, I want one of the device with IP 192.168.1.200 > communicate with outside through the tunnel interface tun0 created by > OpenVPN. Normally I should setup OpenVPN client on that device, but it > has a low frequency CPU. Ah, you want the opposite of what I said then. The only way I know to do that is to use pf, and the route-to directive, which I think someone else already covered. -Adam
Re: Route for a special IP
It was just a router which does NAT for local devices in 192.168.1.0/24. The external interface, of cause, was pppoe0. Now for some reason, I want one of the device with IP 192.168.1.200 communicate with outside through the tunnel interface tun0 created by OpenVPN. Normally I should setup OpenVPN client on that device, but it has a low frequency CPU. Best regards, Zhi-Qiang Lei > On Mar 12, 2015, at 4:00 AM, Adam Thompson wrote: > > > On 03/11/2015 10:39 AM, Zhi-Qiang Lei wrote: >> I have a OpenBSD 5.6 router with two external interfaces pppoe0 and tun0. >> >> Generally, all packets will go through pppoe0. However, now I have a special >> client with IP 192.168.1.200, is it possible to force it to use tun0? Thanks. > > From route(8): > >route -v add -inet -host 192.168.1.200 A.B.C.D > > However, since AFAIK tun(4) interfaces on OpenBSD generally only occur when using OpenVPN you'd be better off letting OpenVPN manage tunnel routes for you. > If you've written some userspace daemon that talks to tun0, then 1) WTF are you doing?, and 2) you will need to either execute the above command or its programmatic equivalent - see route(4) for details. > > -Adam
Re: Route for a special IP
On 11-03-2015 12:39, Zhi-Qiang Lei wrote: > I have a OpenBSD 5.6 router with two external interfaces pppoe0 and tun0. I am assuming the pppoe0 connects directly to the internet and tun0 also has internet connectivity at the other end of the tunnel, right? > > Generally, all packets will go through pppoe0. However, now I have a special > client with IP 192.168.1.200, is it possible to force it to use tun0? Thanks. You can do this with a simple route-to rule: pass in quick from 192.168.1.200 to any route-to tun0 If tun0 has a fixed gateway address you can change the rule to: pass in quick from 192.168.1.200 to any route-to (tun0 gateway) Cheers, Giancarlo Razzolini
Re: Route for a special IP
On Wed, Mar 11, 2015 at 9:39 AM, Zhi-Qiang Lei wrote: > I have a OpenBSD 5.6 router with two external interfaces pppoe0 and tun0. > > Generally, all packets will go through pppoe0. However, now I have a special > client with IP 192.168.1.200, is it possible to force it to use tun0? You can use pf to perform source-based routing.
Re: Route for a special IP
On 03/11/2015 08:39 AM, Zhi-Qiang Lei wrote: > I have a OpenBSD 5.6 router with two external interfaces pppoe0 and tun0. > > Generally, all packets will go through pppoe0. However, now I have a special > client with IP 192.168.1.200, is it possible to force it to use tun0? Thanks. > > Best regards, > Zhi-Qiang Lei > Why would this not happen automatically? Is pppoe0 also on 192.168.1.x? If not, it would seem you might be making this harder than it really is? -- Those who do not understand Unix are condemned to reinvent it, poorly.
Route for a special IP
I have a OpenBSD 5.6 router with two external interfaces pppoe0 and tun0. Generally, all packets will go through pppoe0. However, now I have a special client with IP 192.168.1.200, is it possible to force it to use tun0? Thanks. Best regards, Zhi-Qiang Lei
