From owner-freebsd-questions@freebsd.org Mon Aug 28 03:40:45 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4D2F4E04B61 for ; Mon, 28 Aug 2017 03:40:45 +0000 (UTC) (envelope-from ultima1252@gmail.com) Received: from mail-yw0-x231.google.com (mail-yw0-x231.google.com [IPv6:2607:f8b0:4002:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 07F24671FF for ; Mon, 28 Aug 2017 03:40:45 +0000 (UTC) (envelope-from ultima1252@gmail.com) Received: by mail-yw0-x231.google.com with SMTP id s187so10535522ywf.2 for ; Sun, 27 Aug 2017 20:40:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=QORWCPv0xlBNG7zyf/x4NNfjIjfvowfUSvjKLtMEZ1Q=; b=jgf6g0pudIn5OGKMQH32HDsBMNsHJLxbp1JGV8twVG/xxbZJNmU8/w4qarx3QrBFae AMZ6Vm7oSY/om6ZXXlysB2AyJbA0kr0rex8FMRi3OalFTgCceWxMlpVHnQjYmeiNYhRK ZwpbuZ5SjtR79qIR6bPcEcXHBo53cikVjjoBsXnFD32rg+EqftYR5nGgIdrSzr8tjAkg NBrkbWVoxN0vruvnImlWP0YHmyKLsHxUfPI0bLnI+LTOyOc8W1w2bxfkyH20L9q+UewC OJwMg/TooxjyFnoIedWO1dDYiBGvJyj4PcaVOgzaK/SJFBg+ayrfPCvQ1kyMB9m6wpT8 SwZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=QORWCPv0xlBNG7zyf/x4NNfjIjfvowfUSvjKLtMEZ1Q=; b=TBfH6fhNeIxa5MRqhx3opW1taVSqLgnri+1wRLySzv5+VeBGcCAbGhglHnVpRb9WIf CSr6b89oYG5HVQvejuFVtTjf2BEzzSCpNDxSZP7GLbujuuJ6dEgAVQyHzUFAVLrOz1VP Lar/fCvH/rAMKkOijair27BMKHkmyaMsvmXyJuQX5hioVJ6vXYEzmuP/O75Q5PfIRHTI HwKntBCr5fpDnheB9rsWiL0xjr5sGG2itAG1eAxVrjjNaEVV+0SD8huol8pZxE9Dv4LB oCNpWD8dDsojtiTBKS7fLSwcgbgMwCCbU9nWOafqgoe4jsLtDbIvpUgZAlIhLdmU3qIR 76yQ== X-Gm-Message-State: AHYfb5j5b+kSooalImRAACGiO1yjVb2IAK9aT2jC8QlIn8Q69Ca5Eq2I FLSBoAaXF3LsMEEjpz1qsD3BZTpSY25GUBE= X-Received: by 10.37.79.69 with SMTP id d66mr4853471ybb.122.1503891644006; Sun, 27 Aug 2017 20:40:44 -0700 (PDT) MIME-Version: 1.0 Received: by 10.13.231.71 with HTTP; Sun, 27 Aug 2017 20:40:43 -0700 (PDT) In-Reply-To: <20170828030151.GB47551@FreeBSD> References: <20170827164229.W23641@sola.nimnet.asn.au> <20170828030151.GB47551@FreeBSD> From: Ultima Date: Sun, 27 Aug 2017 20:40:43 -0700 Message-ID: Subject: Re: STUMPED: Setting up OpenVPN server on FreeBSD (self.freebsd) To: Edgar Pettijohn Cc: Fongaboo , FreeBSD Mailing List , Ian Smith Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Aug 2017 03:40:45 -0000 > Do you think I need to add those new dev statements to the client's OpenVPN config as well? No, those variables are per configuration specific. Other than missing my last suggestion by not relying on :network translation and the tcp to udp Edger mentioned the configuration should work assuming the sysctl net.inet.ip.forwarding is 1. In other words pfctl.conf: localnet = 10.8.0.0/24 > I don't see where you are assigning a network to > the tun0 interface. But maybe that is handled by openvpn. Not sure though. Yes, openvpn does handles this that is why the network should be defined and not translated when possible for pf. Are you only attempting to connect to sites in your browser? Can you try pinging known ips on the internet? I usually do 8.8.8.8. Basically from the last post not sure if you can only connect to internet, or just dns issues. Hope this helps, Richard Gallamore