# OpenVPN



## darkshadow (Aug 21, 2012)

Hi All,

I spent 3 days just to figure out a solution for this problem.

I subscribed to a VPN solution and everything works fine on any machine where OpenVPN is installed, but I'm trying to set up a network gateway (FreeBSD box) to redirect all the incoming local traffic to the VPN.

The current installation is as follows:


```
# /etc/rc.conf (relevant lines)
ifconfig_bridge0="addm wlan0 addm fxp0 up"   # bridge the access point and the wired uplink
gateway_enable="YES"                         # forward IP packets between interfaces
firewall_enable="YES"
firewall_type="OPEN"                         # ipfw with a permit-everything rule set
natd_enable="YES"
natd_interface="tun0"                        # NAT on the VPN tunnel, not on the uplink
natd_flags=""
```

Where wlan0 is the local access point (network card on the gateway), and fxp0 is attached to a router, which is connected to the public internet.

Anybody have any idea on how to route all the traffic to the OpenVPN network?


----------



## darkshadow (Aug 21, 2012)

Here is the ifconfig output:


```
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
	ether 00:19:e0:89:8c:39
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
	status: running
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
	ether 00:19:d1:41:16:79
	inet 10.0.0.9 netmask 0xffffff00 broadcast 10.0.0.255
	inet 10.0.0.10 netmask 0xffffff00 broadcast 10.0.0.255
	inet 10.0.0.11 netmask 0xffffff00 broadcast 10.0.0.255
	inet 10.0.0.12 netmask 0xffffff00 broadcast 10.0.0.255
	inet 10.0.0.13 netmask 0xffffff00 broadcast 10.0.0.255
	inet 10.0.0.14 netmask 0xffffff00 broadcast 10.0.0.255
	inet 10.0.0.15 netmask 0xffffff00 broadcast 10.0.0.255
	inet 10.0.0.6 netmask 0xffffff00 broadcast 10.0.0.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0xa 
	inet 127.0.0.1 netmask 0xff000000 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 02:f5:9c:11:10:00
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: fxp0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 7 priority 128 path cost 55
	member: wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 12 priority 128 path cost 370370
wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:19:e0:89:8c:39
	inet 10.0.0.19 netmask 0xffffff00 broadcast 10.0.0.255
	inet6 fe80::219:e0ff:fe89:8c39%wlan0 prefixlen 64 scopeid 0xc 
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
	status: running
	ssid magus channel 1 (2412 MHz 11g) bssid 00:19:e0:89:8c:39
	regdomain 32924 country CN indoor ecm authmode WPA privacy MIXED
	deftxkey 2 TKIP 2:128-bit TKIP 3:128-bit txpower 20 scanvalid 60
	protmode CTS wme burst dtimperiod 1 -dfs
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33200
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	inet6 fe80::219:e0ff:fe89:8c39%tun0 prefixlen 64 scopeid 0xe 
	inet 10.119.2.146 --> 10.119.2.145 netmask 0xffffffff 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	Opened by PID 2243
```


----------



## kr651129 (Aug 21, 2012)

Have you tried the handbook yet?

A lot of times I've already looked at the handbook but just skimmed it, assuming most of it was common information, then went back and read the section in question and found my solution.


----------



## darkshadow (Aug 21, 2012)

*Handbook!*

The Handbook covers general topics. I found a solution: just add these rules to ipfw and everything will work fine:


```
ipfw -f flush                                       # drop the current rule set without prompting
ipfw add divert natd ip from any to any via tun0    # hand every packet crossing tun0 to natd
ipfw add pass all from any to any                   # then allow everything else
```

Can this be done in PF ?


----------



## kpa (Aug 25, 2012)

Something like this could work:


```
# translate LAN sources to the tunnel's own address as they leave tun0
nat on tun0 from 10.0.0.0/24 to any -> (tun0)

# force LAN traffic out through the tunnel regardless of the routing table
pass in from 10.0.0.0/24 to any route-to ( tun0 10.119.2.145 )
```

The remote address of the tunnel 10.119.2.145 may be expressed as tun0:peer, not exactly sure.


----------
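A worked version of both approaches in this thread (darkshadow's ipfw/natd rules and kpa's pf rules), added here as an example; it is not code posted by either of them. It parses `ifconfig` output like the one above to pull the tunnel peer that the pf route-to rule needs, refuses to render anything while tun0 is not an up point-to-point link, and adds a guard neither post has: a rule that drops LAN traffic trying to leave fxp0 in the clear, so a dropped tunnel fails closed instead of leaking. The interface names, the 10.0.0.0/24 LAN and the sample ifconfig lines come from the thread; that the LAN arrives on wlan0, and that only the gateway's own addresses (which carry the OpenVPN session itself) need to use the uplink directly, are assumptions.

```python
"""Worked example (added, not code from the thread): read `ifconfig` output,
find the OpenVPN tunnel's point-to-point peer, and render equivalent ipfw/natd
and pf rule sets that send the LAN through tun0 and fail closed if it is down.

Assumptions (hypothetical, chosen to match the thread): the LAN 10.0.0.0/24
reaches the box on wlan0, the uplink is fxp0, the VPN tunnel is tun0, and the
only traffic allowed to leave fxp0 unencrypted is the gateway's own (which is
what carries the OpenVPN session to the provider)."""
import re
from ipaddress import ip_address, ip_network

# Constructed sample, trimmed from the ifconfig output posted in the thread.
SAMPLE_IFCONFIG = """\
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:19:d1:41:16:79
\tinet 10.0.0.9 netmask 0xffffff00 broadcast 10.0.0.255
\tinet 10.0.0.10 netmask 0xffffff00 broadcast 10.0.0.255
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\toptions=80000<LINKSTATE>
\tinet6 fe80::219:e0ff:fe89:8c39%tun0 prefixlen 64 scopeid 0xe
\tinet 10.119.2.146 --> 10.119.2.145 netmask 0xffffffff
\tOpened by PID 2243
"""

_HDR = re.compile(r"^(\w+): flags=[0-9a-f]+<([^>]*)>")
_INET = re.compile(r"^\s+inet (\S+)(?: --> (\S+))? netmask")


def parse_ifconfig(text):
    """Map interface name -> {"flags": set, "inet": [IPv4...], "peer": IPv4 or None}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        m = _HDR.match(line)
        if m:
            cur = m.group(1)
            ifaces[cur] = {"flags": set(m.group(2).split(",")), "inet": [], "peer": None}
            continue
        m = _INET.match(line) if cur else None
        if m:
            ifaces[cur]["inet"].append(m.group(1))
            if m.group(2):                      # "local --> peer" form of a p2p link
                ifaces[cur]["peer"] = m.group(2)
    return ifaces


def tunnel_peer(ifaces, tun="tun0"):
    """Remote end of the tunnel, i.e. the address the pf route-to rule needs.
    Raises unless the interface is an up, running point-to-point link, so a
    rule set is never produced for a tunnel that is not actually there."""
    info = ifaces.get(tun)
    if info is None or not {"UP", "RUNNING", "POINTOPOINT"} <= info["flags"]:
        raise ValueError(f"{tun} is not an up point-to-point tunnel")
    if info["peer"] is None:
        raise ValueError(f"{tun} has no peer address")
    return str(ip_address(info["peer"]))


def render_pf(ifaces, lan_net="10.0.0.0/24", lan_if="wlan0", wan_if="fxp0", tun="tun0"):
    """pf.conf text: NAT on the tunnel, route-to the peer, leak guard on the uplink.
    The 'quick' rules are first-match; the rest follow pf's usual last-match."""
    peer = tunnel_peer(ifaces, tun)
    ip_network(lan_net)                          # reject a malformed macro value early
    return "\n".join([
        f'lan_net = "{lan_net}"',
        "set skip on lo0",
        f"nat on {tun} from $lan_net to any -> ({tun})",
        f"# leak guard: only the gateway's own addresses may leave {wan_if} in the clear",
        f"pass out quick on {wan_if} from ({wan_if}) to any keep state",
        f"block out quick on {wan_if} from $lan_net to any",
        f"pass in on {lan_if} from $lan_net to any route-to ({tun} {peer}) keep state",
        f"pass out on {tun} all keep state",
    ]) + "\n"


def render_ipfw(ifaces, lan_net="10.0.0.0/24", wan_if="fxp0", tun="tun0"):
    """Same policy as a root shell script for ipfw + natd (first-match, numbered).
    ipfw relies on the routing table (OpenVPN's redirect-gateway) to reach tun0,
    so the deny on the uplink is what keeps LAN packets from leaking if that
    route disappears."""
    tunnel_peer(ifaces, tun)                     # same sanity check; peer itself unused here
    ip_network(lan_net)
    return "\n".join([
        "ipfw -f flush",
        f"ipfw add 100 divert natd ip from any to any via {tun}",
        f"ipfw add 200 allow ip from me to any out via {wan_if}",
        f"ipfw add 300 deny ip from {lan_net} to any out via {wan_if}",
        "ipfw add 400 allow ip from any to any",
    ]) + "\n"


if __name__ == "__main__":
    parsed = parse_ifconfig(SAMPLE_IFCONFIG)
    print(render_pf(parsed))
    print(render_ipfw(parsed))
```

Feed it the real `ifconfig` output and check the generated pf.conf with `pfctl -nf` before loading it. On the point kpa was unsure about: pf does accept `(tun0:peer)` as the route-to target, which expands to the point-to-point peer address and tracks it if the tunnel is re-established with a different one, so the parsed address can be replaced with that once the rules are known to work.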

