Date: Wed, 24 Apr 2019 03:01:53 -0700
From: Doug Hardie <bc979@lafn.org>
To: Odhiambo Washington <odhiambo@gmail.com>
Cc: Richard Gallamore <ultima@freebsd.org>, Doug Hardie <bc979@lafn.org>, Karl Denninger <karl@denninger.net>, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: openvpn
Message-ID: <A51699CB-3766-4B2A-A1C1-D49A98AEACEB@mail.sermon-archive.info>
In-Reply-To: <CAAdA2WOckOyQ4j89a54Be3DQFpzpyE1h1ZADgG_WgP9eSMxQ1g@mail.gmail.com>
References: <0A8436BD-EFB8-4A54-B920-329096B89C5B@mail.sermon-archive.info> <a2326e8d-5d5c-6030-7d10-72dee3216f8a@denninger.net> <3D10CD79-CAE0-419A-9197-745B1A88FA30@mail.sermon-archive.info> <CANJ8om638JwJwUpwSXR=G-m_sfi_P66WvYm_b2V7xXiYL1dTJQ@mail.gmail.com> <CAAdA2WOckOyQ4j89a54Be3DQFpzpyE1h1ZADgG_WgP9eSMxQ1g@mail.gmail.com>

> On 24 April 2019, at 02:51, Odhiambo Washington <odhiambo@gmail.com> wrote:
>
>
>
> On Wed, 24 Apr 2019 at 10:51, Richard Gallamore <ultima@freebsd.org> wrote:
> Hello Doug,
>
> I am suspect of the system not being configured as a router, aka sysctl
> values should be set to net.inet.ip.forwarding: 1 and
> net.inet6.ip6.forwarding: 1 (for v6 traffic) to allow packets to be
> forwarded. If you add /etc/rc.conf, file /etc/sysctl.conf,
> /boot/loader.conf and pf.conf or ipfw configuration it will help greatly in
> understanding your configuration if this doesn't work.
>
> Best regards,
> Richard Gallamore
>
> +1
>
> --

I don't believe that will accomplish anything. First of all, there is only one network interface. The packets are received by openvpn, decrypted and then originated to the server in the clear. There is no packet forwarding required. Second, if I use telnet from the remote client to the server through the VPN, I do get a connection and it does receive responses. When using port 25, postfix is reporting some invalid characters in the very first packet. Those are logged and they are definitely invalid. After that, the data is sent properly. SSH does not appear to have that issue, but the responses never are visible on the client. The response packets are arriving at the client. They are correct between the server and openvpn.

Just for the record, inet forwarding is set to 1. inet6 is not used. This is entirely IPv4. pf is not enabled on the server. It is on the openvpn machine, but only restricts mail from a few servers that are black holed.