From: Benjamin Lutz
To: freebsd-questions@freebsd.org
Cc: User Pjf
Date: Sun, 27 May 2007 18:37:35 +0200
Subject: Re: openvpn on freebsd problem

On Saturday 26 May 2007 16:39, User Pjf wrote:
> I install openvpn from port. Follow openvpn.net howto, vpn can
> connect from client to server, but on client side, I can't ping
> server side other machines.
>
> On my server side, vpn server and gateway is same one box, I
> use dev tun, the server has a public static ip address, install
> nat, ipfw for internal net to Internet.
>
> In refer to howto,
> "Make sure that you've enabled IP and TUN/TAP forwarding on
> the OpenVPN server machine."
>
> I know IP forwarding is work fine, but how to enable TUN forwarding?

You enable ip forwarding with the net.inet.ip.forwarding and
net.inet6.ip6.forwarding sysctls. However, if your gateway already
works for the internal net, I strongly suspect those sysctls are
already set to 1.

I'd have a look at your firewall ruleset. It seems most likely to me
that the reason for your VPN not working lies there. I suggest that you
enable logging for any "deny" rules you have in your ruleset and see
whether any packets associated with the VPN connection are dropped.

Cheers
Benjamin
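
Added example, not part of the message above: one way to carry out the suggested check on an ipfw gateway, by finding deny rules that lack the "log" keyword and then counting logged drops per rule on the tunnel interface. The rules and log lines are constructed samples; tun0, the 10.8.0.0/24 VPN subnet and the helper names are assumptions.

```sh
#!/bin/sh
# Added example. The helpers work on text, so they can be tried on saved output.

# Read `ipfw list` output on stdin; print deny-type rules that have no "log".
unlogged_denies() {
    awk '$2 ~ /^(deny|reject|reset)$/ && $3 != "log"'
}

# Read syslog lines on stdin; print "rule count" for drops seen on interface $1.
denied_on_iface() {
    awk -v ifc="$1" '
        /ipfw: [0-9]+ (Deny|Reject|Reset) / && $NF == ifc {
            for (i = 1; i < NF; i++)
                if ($i == "ipfw:") { hits[$(i + 1)]++; break }
        }
        END { for (r in hits) print r, hits[r] }' | sort -n
}

# Constructed sample of `ipfw list` output.
sample_rules() { cat <<'EOF'
00100 allow ip from any to any via lo0
00200 divert 8668 ip from any to any via em0
00300 allow udp from any to me dst-port 1194
00400 deny log tcp from any to any dst-port 23
00500 deny ip from 10.8.0.0/24 to 192.168.1.0/24
65535 deny ip from any to any
EOF
}

# Constructed sample of log lines, as seen once "log" is added to rules 500 and 65535.
sample_log() { cat <<'EOF'
May 27 18:40:01 gw kernel: ipfw: 500 Deny ICMP:8.0 10.8.0.6 192.168.1.20 in via tun0
May 27 18:40:02 gw kernel: ipfw: 500 Deny ICMP:8.0 10.8.0.6 192.168.1.20 in via tun0
May 27 18:40:05 gw kernel: ipfw: 400 Deny TCP 203.0.113.9:40122 198.51.100.1:23 in via em0
May 27 18:40:07 gw kernel: ipfw: 65535 Deny UDP 10.8.0.6:5353 192.168.1.20:53 in via tun0
EOF
}

echo "deny rules without logging:"; sample_rules | unlogged_denies
echo "drops on tun0 (rule count):"; sample_log | denied_on_iface tun0

# On the gateway itself (FreeBSD, as root), feed the helpers live data:
#   sysctl net.inet.ip.forwarding net.inet.ip.fw.verbose   # both should be 1
#   ipfw list | unlogged_denies
#   denied_on_iface tun0 < /var/log/security
```

A rule number that shows up in the second report while a VPN client is pinging an internal host is the rule dropping the tunnel traffic.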