Date: Sun, 27 May 2007 18:37:35 +0200
From: Benjamin Lutz <mail@maxlor.com>
To: freebsd-questions@freebsd.org
Cc: User Pjf <peter@topcomtech.com.cn>
Subject: Re: openvpn on freebsd problem
Message-ID: <200705271837.36028.mail@maxlor.com>
In-Reply-To: <20070526143955.GA1122@pjf2.fbsd.home>
References: <20070526143955.GA1122@pjf2.fbsd.home>

On Saturday 26 May 2007 16:39, User Pjf wrote:
> I install openvpn from port. Follow openvpn.net howto, vpn can
> connect from client to server, but on client side, I can't ping
> server side other machines.
>
> On my server side, vpn server and gateway is same one box, I
> use dev tun, the server has a public static ip address, install
> nat, ipfw for internal net to Internet.
>
> In refer to howto,
> "Make sure that you've enabled IP and TUN/TAP forwarding on
> the OpenVPN server machine."
>
> I know IP forwarding is work fine, but how to enable TUN forwarding?

You enable IP forwarding with the net.inet.ip.forwarding and
net.inet6.ip6.forwarding sysctls. However, if your gateway already works
for the internal net, I strongly suspect those sysctls are already set
to 1.

I'd have a look at your firewall ruleset. It seems most likely to me
that the reason for your VPN not working lies there. I suggest that you
enable logging for any "deny" rules you have in your ruleset and see
whether any packets associated with the VPN connection are dropped.

Cheers
Benjamin
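
An added example, not part of the original message: once the "deny" rules carry the `log` keyword, a filter like this summarises which rule numbers are dropping VPN traffic. The interface `tun0`, the tunnel subnet `10.8.0.0/24`, the log location `/var/log/security` and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise ipfw "Deny" log entries that involve the VPN.
# Assumptions (not from the original message): tun0 interface, 10.8.0.0/24
# tunnel subnet, and log lines in the form ipfw writes when a rule carries
# the "log" keyword and net.inet.ip.fw.verbose=1.

# Constructed sample log lines (stand-in for /var/log/security).
sample_log() {
cat <<'EOF'
May 27 18:40:01 gw kernel: ipfw: 600 Deny ICMP:8.0 10.8.0.6 192.168.1.20 in via tun0
May 27 18:40:02 gw kernel: ipfw: 600 Deny ICMP:8.0 10.8.0.6 192.168.1.20 in via tun0
May 27 18:40:03 gw kernel: ipfw: 300 Accept UDP 203.0.113.9:40000 198.51.100.1:1194 in via fxp0
May 27 18:40:05 gw kernel: ipfw: 65000 Deny TCP 192.168.1.20:80 10.8.0.6:51514 out via tun0
May 27 18:40:07 gw kernel: ipfw: 65000 Deny TCP 203.0.113.50:4444 198.51.100.1:22 in via fxp0
EOF
}

# vpn_denies IFACE PREFIX < log
# Prints "rule count" for every rule that denied a packet seen on IFACE or
# whose source/destination starts with PREFIX (plain string prefix such as
# "10.8.0.", not a CIDR match).
vpn_denies() {
    awk -v ifc="$1" -v pfx="$2" '
    {
        # Find the "ipfw:" token; after it come rule, action, proto,
        # source, destination, direction, "via", interface.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i+2) != "Deny") next
        rule = $(i+1); src = $(i+4); dst = $(i+5); via = $NF
        if (via == ifc || index(src, pfx) == 1 || index(dst, pfx) == 1)
            hits[rule]++
    }
    END { for (r in hits) print r, hits[r] }' | sort -n
}

# Demo on the constructed lines; on a real gateway feed the log instead:
#   vpn_denies tun0 10.8.0. < /var/log/security
sample_log | vpn_denies tun0 10.8.0.
```

Each rule number in the output can then be looked up with `ipfw list` to see which "deny" rule needs an exception for the tunnel.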
