Hi Matthew, this was it! Exactly the missing link :))
I went into it a bit more and found out that having it working depends on two settings:

sysctl net.ipv4.conf.all.rp_filter=0
sysctl net.ipv4.conf.eth0.rp_filter=0

You can set that at runtime. If you want to configure it on system boot, add a file /etc/sysctl.d/60-network-security.conf or edit /etc/sysctl.conf, enabling these three lines

net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.eth0.rp_filter=0

Obviously, it's a bit static - so putting it into a wrapper script and handling the device having the default route would be the most flexible solution.

Thanks again,
Clemens

Matthew Grooms wrote:
> On 3/19/2010 9:01 AM, Clemens Perz wrote:
>>
>> Hmm, but it is not the best solution. Because now all connections inside
>> the vpn are originating from my internal eth0 ip address, which might
>> change when I move between DHCP driven networks.
>>
>> Will need to get back to tap then. It seems, that packages make it to
>> the kernel, but somehow do not arrive at the tap device. Does that make
>> sense to someone? Which screw I have to turn to make it work?
>>
>
> Please have a look at this post.
>
> http://lists.shrew.net/mailman/htdig/vpn-help/2008-November/001827.html
>
> -Matthew
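A sketch of the wrapper script suggested in the message above, added here as an example and not part of the original thread. The state-file path and the `up`/`down` arguments are assumptions; it records the previous rp_filter values so they can be restored when the VPN goes down.

```shell
#!/bin/sh
# Added example, not from the thread. STATE path and up/down are assumptions.
STATE="${STATE:-/run/vpn-rp_filter.state}"

# Print the device of the first IPv4 default route read from stdin
# (input format: output of `ip -4 route show default`).
default_dev() {
    awk '$1 == "default" { for (i = 2; i < NF; i++)
             if ($i == "dev") { print $(i + 1); exit } }'
}

# The two keys the thread changes, for device $1. Both are needed because
# the kernel applies the higher of the "all" and per-interface values.
rp_keys() {
    printf 'net.ipv4.conf.all.rp_filter\nnet.ipv4.conf.%s.rp_filter\n' "$1"
}

# Accept only plain device names (dotted VLAN names are not handled here).
valid_dev() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Save the current values, then disable reverse-path filtering.
vpn_up() {
    dev=$(ip -4 route show default | default_dev)
    valid_dev "$dev" || { echo "no usable default-route device" >&2; return 1; }
    : > "$STATE"
    for key in $(rp_keys "$dev"); do
        printf '%s=%s\n' "$key" "$(sysctl -n "$key")" >> "$STATE"
        sysctl -w "$key=0" >/dev/null || return 1
    done
}

# Put back whatever was saved by vpn_up.
vpn_down() {
    [ -f "$STATE" ] || return 0
    while IFS= read -r line; do sysctl -w "$line" >/dev/null; done < "$STATE"
    rm -f "$STATE"
}

case "${1:-}" in
    up)   vpn_up ;;
    down) vpn_down ;;
esac
```

Run it as root with `up` before starting the VPN client and `down` after disconnecting.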
