Date:      Sun, 27 May 2007 18:37:35 +0200
From:      Benjamin Lutz <mail@maxlor.com>
To:        freebsd-questions@freebsd.org
Cc:        User Pjf <peter@topcomtech.com.cn>
Subject:   Re: openvpn on freebsd problem
Message-ID:  <200705271837.36028.mail@maxlor.com>
In-Reply-To: <20070526143955.GA1122@pjf2.fbsd.home>
References:  <20070526143955.GA1122@pjf2.fbsd.home>


On Saturday 26 May 2007 16:39, User Pjf wrote:
> I installed openvpn from the port. Following the openvpn.net howto, the VPN can
> connect from client to server, but on the client side I can't ping
> other machines on the server side.
>
> On my server side, the VPN server and gateway are the same box. I
> use dev tun; the server has a public static IP address, with
> nat and ipfw installed for internal net to Internet.
>
> Referring to the howto,
> "Make sure that you've enabled IP and TUN/TAP forwarding on
> the OpenVPN server machine."
>
> I know IP forwarding is working fine, but how do I enable TUN forwarding?

You enable ip forwarding with the net.inet.ip.forwarding and
net.inet6.ip6.forwarding sysctls. However, if your gateway already
works for the internal net, I strongly suspect those sysctls are
already set to 1.

I'd have a look at your firewall ruleset. It seems most likely to me
that the reason for your VPN not working lies there. I suggest that you
enable logging for any "deny" rules you have in your ruleset and see
whether any packets associated with the VPN connection are dropped.

Cheers
Benjamin
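
The check suggested in the reply above, as an added example that is not part of the original message: the comments show how forwarding is verified and deny logging switched on, and the function summarises which deny rules are dropping VPN-related packets. The interface name tun0, UDP port 1194, the rule numbers and all addresses in the sample log are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original message. Assumed names: tunnel
# interface tun0, OpenVPN on UDP port 1194, addresses below are made up.
#
# On the gateway, check forwarding and turn on logging for deny rules:
#   sysctl net.inet.ip.forwarding net.inet6.ip6.forwarding   # 1 = enabled
#   sysctl net.inet.ip.fw.verbose=1       # "log" matches go to syslog
#   ipfw add 65000 deny log ip from any to any   # hypothetical rule number
# Logged matches normally land in /var/log/security.

# Constructed sample of ipfw log lines (not real traffic).
sample_log() {
cat <<'EOF'
May 27 18:40:01 gw kernel: ipfw: 65000 Deny ICMP:8.0 10.8.0.6 192.168.1.10 in via tun0
May 27 18:40:02 gw kernel: ipfw: 65000 Deny ICMP:8.0 10.8.0.6 192.168.1.10 in via tun0
May 27 18:40:05 gw kernel: ipfw: 400 Deny UDP 203.0.113.7:51522 198.51.100.1:1194 in via fxp0
May 27 18:40:09 gw kernel: ipfw: 65000 Deny TCP 203.0.113.9:40112 198.51.100.1:23 in via fxp0
May 27 18:40:10 gw kernel: ipfw: 300 Accept TCP 192.168.1.20:50000 198.51.100.80:80 out via fxp0
EOF
}

# vpn_denies [ifname] [port] < logfile
# Prints "count rule direction interface protocol" for every Deny entry
# seen on the tunnel interface or to/from the OpenVPN port.
vpn_denies() {
    awk -v ifc="${1:-tun0}" -v port="${2:-1194}" '
    {
        # Locate the "ipfw:" tag so the syslog prefix length does not matter.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i + 2) != "Deny") next
        rule = $(i + 1); proto = $(i + 3)
        src = $(i + 4);  dst = $(i + 5); dir = $(i + 6); nic = $NF
        if (nic == ifc || src ~ (":" port "$") || dst ~ (":" port "$"))
            n[rule " " dir " " nic " " proto]++
    }
    END { for (k in n) print n[k], k }' | sort -k2,2n
}

sample_log | vpn_denies
# Rule 65000 is dropping the client's pings arriving on tun0, and rule 400
# is dropping OpenVPN transport packets on the external interface.
```

On a live gateway the same function reads the real log, for example `vpn_denies tun0 1194 < /var/log/security`.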



