Date: Mon, 11 Mar 2013 18:52:21 +0100
From: "lokadamus@gmx.de" <lokadamus@gmx.de>
To: Brent Clark <brentgclarklist@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: OpenVPN vm cant connect to other VM's
Message-ID: <513E19D5.1060004@gmx.de>
In-Reply-To: <51371C8A.8050205@gmail.com>
References: <51371C8A.8050205@gmail.com>
On 06.03.2013 11:38, Brent Clark wrote:
> Hi guys
>
> I'm struggling with a FreeBSD VM that I have, that I use for a VPN
> connection to my home LAN from my workstation. And I was
> wondering if someone could peer review me and my problem.
>
> OpenVPN is working beautifully. I.e. I can connect to some services
> (apache etc) that I run directly on my FreeBSD / OpenVPN VM.
>
> What I'm now trying to achieve is that I can connect to other VMs /
> machines on my home LAN.
>
> I'm using tun for my VPN, and my pf.conf looks like so (please see the
> nat on ...)
>
> [root@freebsd /usr/home/bclark]# cat /etc/pf.conf
> ext_if="re0"
> vpn_if="tun0"
> int_net="10.0.0.0/24"
> vpn_net="192.168.200.0/24"
> set skip on lo0
> set optimization normal
> #set block-policy drop
> set limit { states 20000, frags 10000, src-nodes 20000 }
> # Normalization: reassemble fragments and resolve or reduce traffic
> ambiguities.
> scrub in all
> # Translation: specify how addresses are to be mapped or redirected.
> # NAT rules
> # enabling NAT currently breaks policy based routing
> #nat on $ext_if from { $int_net, $vpn_net } to any -> ($ext_if)
> #nat on tun0 from { 192.168.200.0/24 } to any -> (re0)
> nat on re0 from { 192.168.200.0/24 } to any -> (re0)
>
> table <sshguard> persist
> block in quick on re0 proto tcp from <sshguard> to any port ssh label
> "ssh brute"
>
> What am I missing?
>
> If anyone could assist, it would be appreciated.
>
> Kind Regards
> Brent Clark
>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>

Is "sysctl net.inet.ip.forwarding=1" set?
http://www.freebsd.org/doc/handbook/network-natd.html

Have you set your route for the 10.8.x.x subnet to your VPN host? Else all your traffic will go to your default gateway, and when there is no route, it will go to the internet.
Make a test with tcpdump and ping to see where your traffic is going.

Regards
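The two checks the reply asks for (is IP forwarding on, and does a specific route exist for the LAN subnet or does traffic fall through to the default gateway) as a small POSIX shell diagnostic. This is an added example, not code from either poster. The function names, the `--live` switch and the sample `sysctl` / `netstat -rn` outputs are constructed; the subnets 10.0.0.0/24 and 192.168.200.0/24 are the ones from the pf.conf in the thread, and the live mode assumes FreeBSD's `sysctl` and `netstat -rn` output formats.

```shell
#!/bin/sh
# Diagnostic helpers for the two questions raised in the reply:
#   1. Is net.inet.ip.forwarding=1 on the OpenVPN host?
#   2. Does the routing table send LAN traffic to the VPN host, or does
#      it fall through to the default gateway?
# The parsing functions read command output from stdin so they can be
# exercised offline on the constructed samples below.

# forwarding_on: returns 0 when `sysctl net.inet.ip.forwarding` output
# (fed on stdin, FreeBSD "name: value" format) reports 1, else 1.
forwarding_on() {
    awk -F'[: ]+' '
        $1 == "net.inet.ip.forwarding" { found = 1; val = $2 }
        END { if (found && val == 1) exit 0; exit 1 }'
}

# route_via NET: reads `netstat -rn` output on stdin and prints the Netif
# carrying NET (e.g. 10.0.0.0/24); prints "default" when no specific route
# exists, i.e. that traffic would leave via the default gateway.
route_via() {
    awk -v net="$1" '
        $1 == net { print $NF; found = 1; exit }
        END { if (!found) print "default" }'
}

# Constructed sample outputs (not captured from the poster's machines).
SAMPLE_SYSCTL_ON='net.inet.ip.forwarding: 1'
SAMPLE_SYSCTL_OFF='net.inet.ip.forwarding: 0'

# VPN host: both the home LAN and the tun0 network are directly attached.
SAMPLE_NETSTAT_SERVER='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.0.0.1           UGS         re0
10.0.0.0/24        link#1             U           re0
10.0.0.5           link#1             UHS         lo0
127.0.0.1          link#2             UH          lo0
192.168.200.0/24   192.168.200.2      UGS        tun0
192.168.200.1      link#3             UHS         lo0'

# Workstation: connected to the VPN but without a route for the home LAN,
# so 10.0.0.x packets go out the default gateway instead of tun0.
SAMPLE_NETSTAT_CLIENT='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS         em0
192.168.1.0/24     link#1             U           em0
192.168.200.0/24   192.168.200.5      UGS        tun0
192.168.200.6      link#3             UH         tun0'

# run_live_checks: the same two questions against the running FreeBSD box.
run_live_checks() {
    if sysctl net.inet.ip.forwarding | forwarding_on; then
        echo "forwarding: enabled"
    else
        echo "forwarding: DISABLED (set sysctl net.inet.ip.forwarding=1)"
    fi
    for net in 10.0.0.0/24 192.168.200.0/24; do
        echo "$net routed via: $(netstat -rn | route_via "$net")"
    done
}

# Only touch the live system when asked to; the samples above are used
# for offline checks otherwise.
if [ "${1:-}" = "--live" ]; then
    run_live_checks
fi
```

Run it as `sh vpn_diag.sh --live` on the OpenVPN host and then on the workstation: if the LAN subnet reports `default` on the workstation, the client has no route through the tunnel, which is the reply's point about traffic heading to the default gateway.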
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?513E19D5.1060004>