I'd like to setup OpenVPN between a FreeBSD client and an (Arch) Linux server such that
- All Internet-bound traffic explicitly sent from FreeBSD over the tunnel device is routed through OpenVPN
- The default gateway/route on the FreeBSD side remains untouched.
In other words, if I do something like
curl --interface tun0 example.com on FreeBSD, I want the request to example.com to be routed through OpenVPN, but if I just do
curl example.com I want that to ignore the VPN tunnel.
Thus far, I've successfully established a basic connection between the two machines, and both sides can see each other.
I can go through the tunnel to fetch data from the Web server running on the remote machine:
$ curl 10.8.0.1 <!DOCTYPE html> ...
For completeness, I also tested what happens if I explicitly specify the interface, and it works:
$ curl --interface 10.8.0.14 10.8.0.1 <!DOCTYPE html> ... $ curl --interface tun0 10.8.0.1 <!DOCTYPE html> ...
However, using the interface for any other host/IP fails:
$ curl --interface tun0 example.com *hang* $ curl --interface tun0 188.8.131.52 # (the IP I got for example.com) *hang*
OpenVPN (on the FreeBSD side) doesn't print any
RwRw when I do this, so I assume (and I think correctly) that FreeBSD's network stack is insufficiently configured to know how to route arbitrary traffic on
tun0 through OpenVPN properly.
All the examples I've found to configure this kind of routing are Linux-specific; what do I do for FreeBSD?
I can make arbitrary changes on both the FreeBSD and Linux sides, if that makes configuration easier.
I initially intended to post this to networkengineering.stackexchange.com, but the freebsd and openvpn tags aren't defined there so I'm posting here instead.