Date: Sun, 08 Sep 2002 22:34:32 +0200 From: emmekappa <emmekappa@openbeer.it> To: freebsd-questions@FreeBSD.ORG Subject: NAT and openvpn Message-ID: <3D7BB458.5020308@openbeer.it>
next in thread | raw e-mail | index | archive | help
Hello,
I use a FreeBSD 4.7-PRERELEASE as gateway, it forward all packet
from the lan to internet, to do this I've simply added "enable nat" to
my ppp.conf. Yesterday I've installed openvpn (v1.3.1) from ports,
after, I try to NAT all traffic (to the class 1.0.0.0) from my lan to
the new interface upped by openvpn. I try to explain me better:
gateway# uname -a
FreeBSD thegate 4.7-PRERELEASE FreeBSD 4.7-PRERELEASE #1: Sun Sep 8
01:40:12 CEST 2002
gateway# openvpn --config openvpn-server.conf
/*...blahblah...*/
add net 1.0.0.0: gateway 192.168.5.1 /* 192.168.5.1 is the remote
computer, I'm 192.168.5.2 */
86: GID set to nobody
87: UID set to nobody
88: Peer Connection Initiated with .... /* ok now the client is connected */
gateway# ifconfig tun2
tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1255
inet6 fe80::250:fcff:fe3b:394c%tun2 prefixlen 64 scopeid 0xa
inet 192.168.5.2 --> 192.168.5.1 netmask 0xffffffff
Opened by PID 433
gateway# ping 192.168.5.1
(10:05 PM) root@thegate </etc/openvpn> # ping 192.168.5.1
PING 192.168.5.1 (192.168.5.1): 56 data bytes
64 bytes from 192.168.5.1: icmp_seq=0 ttl=255 time=76.410 ms
64 bytes from 192.168.5.1: icmp_seq=1 ttl=255 time=75.324 ms
gateway# route add 1.0.0.0 192.168.5.1
gateway# ping 1.108.172.33
PING 1.108.172.33 (1.108.172.33): 56 data bytes
64 bytes from 1.108.172.33: icmp_seq=0 ttl=248 time=81.860 ms
64 bytes from 1.108.172.33: icmp_seq=1 ttl=248 time=90.273 ms
/* ok, the vpn seem to be ok.. now, some test with tcp */
gateway# lynx 1.108.172.33
/* ok, I can see the page */
/* now the rule for ipnat */
map tun2 from 192.168.0.0/16 to any -> 192.168.5.2/32
gateway# ipnat -l
List of active MAP/Redirect filters:
map tun2 from 192.168.0.0/16 to any -> 192.168.5.2/32
List of active sessions:
/* another computer... */
notebook$ ping 192.168.5.1
PING 192.168.5.1 (192.168.5.1): 56 octets data
64 octets from 192.168.5.1: icmp_seq=0 ttl=254 time=75.8 ms
64 octets from 192.168.5.1: icmp_seq=1 ttl=254 time=77.2 ms
notebook$ ping 1.108.172.33
PING 1.108.172.33 (1.108.172.33): 56 octets data
64 octets from 1.108.172.33: icmp_seq=0 ttl=247 time=95.5 ms
64 octets from 1.108.172.33: icmp_seq=1 ttl=247 time=78.1 ms
/* all ok! */
notebook$ lynx 1.108.172.33
/* uhm?! lynx just say: "HTTP request sent; waiting for response." */
notebook$ telnet 1.108.172.33 80
Trying 1.108.172.33...
Connected to 1.108.172.33.
Escape character is '^]'.
GET /
/* nothing... */
noemmekappa@nrdbook:~$ telnet 1.108.172.33 80
Trying 1.108.172.33...
Connected to 1.108.172.33.
Escape character is '^]'.
blahblah /* just a test:PP */
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>501 Method Not Implemented</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
....
/* uhm?! very strange! */
gateway# ipnat -l
(10:30 PM) root@thegate </etc/openvpn> # ipnat -l
List of active MAP/Redirect filters:
map tun2 from 192.168.0.0/16 to any -> 192.168.5.2/32
List of active sessions:
MAP 192.168.0.2 32814 <- -> 192.168.5.2 32814 [1.108.172.33 80]
/* it seem ok! */
---
I really don't know how to fix it! I don't think that this is a problem
of ipnat... maybe with openvpn... or maybe I wrote a bad nat rule:). I
don't know! plese help me!:)
bye!
- emmekappa
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D7BB458.5020308>