6.22.2009

Troubles with the broadcasts.

A small introduction of myself: I'm a nerd, no doubt about it. I do stuff that most people would consider either useless, overkill or stupid. I'm self-taught like a lot of other people. I like to constantly learn new techniques and software. And I really, really love networking, despite the lack of knowledge on my end.

Anyway, some like-minded guys on the Internet and I deployed a VPN for learning purposes. We were using OpenBSD for routing and as VPN gateways, with IPsec for encapsulation.

Until recently we've had to add static routes on boxes on each LAN. We were using IP addresses starting with 10.x.x.x, with each peer having its own /24 subnet. We could not, for the love of BSDs, ping each other's boxes on the different VPN sites without adding routes to all of the machines (or their nets). Consulting the OpenBSD channel on freenode (thanks Han!) I got the information that adding routes on the boxes shouldn't even be needed. This ought to be handled by the routers automatically.

This got me thinking. I did a little experiment, pinging one of the other guys' servers on one of the sites with my laptop. It worked. I was stumped: how could my laptop, which was running Windows, succeed with the pings? I had not specified any routes on it. So I started investigating. I didn't really get much useful output from the ipconfig command on the Windows laptop. So I started looking into the output of ifconfig on the FreeBSD box I had been trying to ping from earlier.

From what I could compare between the outputs of the two commands, it looked pretty much the same except for the obvious difference of the IP addresses. What the FreeBSD box did have, though, which I missed at first glance, was that it provided the broadcast address as part of the output. Now I was on to something. Remembering something vague from my beloved TCP/IP book, I soon realized that the broadcast address was wrong.

If I, for instance, configure a NIC with 10.0.5.4 and no netmask, ifconfig assumes the network is a /8. This comes from classful addressing (RFC 791): addresses starting with 10.x belong to class A, a /8 network (16,777,214 usable host addresses), which gives a broadcast address of 10.255.255.255. (RFC 1918 is the document that reserves 10.0.0.0/8 for private use; it doesn't define the classes.) For our /24 subnets that's not correct at all. Even when I specified the proper netmask for a /24, 255.255.255.0, it still wouldn't work, for the reason mentioned above. Specifying the correct broadcast address, which in this case is 10.0.5.255, turned out to be the solution to the problem. A caveat worth checking in the ifconfig output: the netmask and the broadcast must agree with each other. A box that believes it sits on a /8 treats every 10.x.x.x host as being on its own link and ARPs for it instead of handing the packet to the VPN gateway, which is exactly the symptom of needing a static route per remote destination.
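To make the difference concrete, here is a small added example (my own code for this page, not anything from the original post or from the OpenBSD/FreeBSD tools) that derives the netmask and broadcast address two ways, the classful guess ifconfig falls back to and the explicit /24, and then shows how the prefix decides whether a packet to a box at another VPN site is ARPed for on the local link or handed to the gateway. The addresses 10.0.5.1 (this site's router) and 10.0.7.20 (a box at another site) are constructed for the example; only 10.0.5.4 comes from the post.

```python
import ipaddress
from typing import Optional

# Constructed example values; only LOCAL_ADDR appears in the original post.
LOCAL_ADDR = "10.0.5.4"       # this site's box
GATEWAY = "10.0.5.1"          # this site's OpenBSD router (assumed)
REMOTE_ADDR = "10.0.7.20"     # a box at another VPN site (assumed)


def classful_prefix(addr: str) -> int:
    """Prefix length old tools assume when no netmask is given (RFC 791 classes)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8    # class A, e.g. 10.x.x.x
    if first_octet < 192:
        return 16   # class B, e.g. 172.16.x.x
    if first_octet < 224:
        return 24   # class C, e.g. 192.168.x.x
    raise ValueError("class D/E address has no classful host prefix")


def describe(addr: str, prefix: Optional[int] = None) -> dict:
    """Network, netmask and broadcast for addr; falls back to the classful guess."""
    if prefix is None:
        prefix = classful_prefix(addr)
    net = ipaddress.IPv4Interface(f"{addr}/{prefix}").network
    return {
        "prefix": prefix,
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
    }


def next_hop(local_addr: str, prefix: int, dst: str, gateway: str) -> str:
    """How the host delivers a packet to dst: ARP on the link, or hand it to the gateway."""
    net = ipaddress.IPv4Interface(f"{local_addr}/{prefix}").network
    if ipaddress.IPv4Address(dst) in net:
        return "on-link"          # host ARPs for dst directly; fails for a remote VPN site
    return f"via {gateway}"       # host sends the frame to the router, which has the IPsec route


if __name__ == "__main__":
    for prefix in (None, 24):
        info = describe(LOCAL_ADDR, prefix)
        hop = next_hop(LOCAL_ADDR, info["prefix"], REMOTE_ADDR, GATEWAY)
        print(f"{LOCAL_ADDR}/{info['prefix']}: netmask {info['netmask']}, "
              f"broadcast {info['broadcast']}, {REMOTE_ADDR} reached {hop}")
```

Run it and the /8 line reports broadcast 10.255.255.255 and the remote box as "on-link", i.e. the host would ARP for it and never send it towards the gateway; the /24 line reports broadcast 10.0.5.255 and "via 10.0.5.1". On FreeBSD the matching fix is to give ifconfig both values explicitly, e.g. `ifconfig em0 inet 10.0.5.4 netmask 255.255.255.0 broadcast 10.0.5.255` (em0 is an assumed interface name), and then confirm in the ifconfig output that netmask and broadcast agree.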

Now, for those of you who are googling this problem (I'm sure we're not the only ones who have fallen into this pitfall): don't forget to set the proper netmask and broadcast address on your interfaces!