From owner-freebsd-questions@FreeBSD.ORG Mon Mar 11 17:52:22 2013
Message-ID: <513E19D5.1060004@gmx.de>
Date: Mon, 11 Mar 2013 18:52:21 +0100
From: "lokadamus@gmx.de"
To: Brent Clark
Cc: freebsd-questions@freebsd.org
Subject: Re: OpenVPN vm cant connect to other VM's
In-Reply-To: <51371C8A.8050205@gmail.com>

On 06.03.2013 11:38, Brent Clark wrote:
> Hi guys
>
> I'm struggling with a FreeBSD VM that I use for a VPN connection, too,
> from my workstation to my home LAN, and I was wondering if someone could
> peer review me and my problem.
>
> OpenVPN is working beautifully, i.e. I can connect to some services
> (apache etc.) that I run directly on my FreeBSD / OpenVPN VM.
>
> What I'm now trying to achieve is that I can connect to other VMs /
> machines on my home LAN.
>
> I'm using tun for my VPN, and my pf.conf looks like so (please see the
> nat on ...):
>
> [root@freebsd /usr/home/bclark]# cat /etc/pf.conf
> ext_if="re0"
> vpn_if="tun0"
> int_net="10.0.0.0/24"
> vpn_net="192.168.200.0/24"
>
> set skip on lo0
> set optimization normal
> #set block-policy drop
> set limit { states 20000, frags 10000, src-nodes 20000 }
>
> # Normalization: reassemble fragments and resolve or reduce traffic
> # ambiguities.
> scrub in all
>
> # Translation: specify how addresses are to be mapped or redirected.
> # NAT rules
> # enabling NAT currently breaks policy based routing
> #nat on $ext_if from { $int_net, $vpn_net } to any -> ($ext_if)
> #nat on tun0 from { 192.168.200.0/24 } to any -> (re0)
> nat on re0 from { 192.168.200.0/24 } to any -> (re0)
>
> table persist
> block in quick on re0 proto tcp from to any port ssh label "ssh brute"
>
> What am I missing?
>
> If anyone could assist, it would be appreciated.
>
> Kind Regards
> Brent Clark
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"

Is "sysctl net.inet.ip.forwarding=1" set?
http://www.freebsd.org/doc/handbook/network-natd.html

Have you set your route for the 10.8.x.x subnet to your VPN host? Otherwise all your traffic will go to your default gateway and, when there is no route, it will go out to the internet.

Make a test with tcpdump and ping to see where your traffic is going.

Regards
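The reply above boils down to three checks on the VPN host and the client: is IP forwarding on, does pf NAT the VPN subnet out of the LAN interface, and does the client actually have a route for the LAN that points into the tunnel (otherwise pings follow the default route to the ISP, which is what tcpdump on re0 would show). The script below is an added example, not code from this thread or from Brent's machine; it parses the kind of text you would get from `cat /etc/pf.conf`, `sysctl net.inet.ip.forwarding` and `netstat -rn`, and reports which prerequisite is missing. All inputs (`PF_CONF`, `SYSCTL_OUT`, `CLIENT_ROUTES`) are constructed strings modelled on the post, the function names are mine, and the table in the constructed pf.conf uses a placeholder name because the original's table name was lost in the archive.

```python
import ipaddress
import re

# Constructed sample inputs modelled on the thread; not captured from the poster's machine.
PF_CONF = '''ext_if="re0"
vpn_if="tun0"
int_net="10.0.0.0/24"
vpn_net="192.168.200.0/24"
scrub in all
#nat on $ext_if from { $int_net, $vpn_net } to any -> ($ext_if)
nat on re0 from { 192.168.200.0/24 } to any -> (re0)
table <PLACEHOLDER_TABLE> persist
block in quick on re0 proto tcp from <PLACEHOLDER_TABLE> to any port ssh label "ssh brute"
'''
SYSCTL_OUT = "net.inet.ip.forwarding: 0"  # constructed: forwarding still disabled on the VPN host

# Constructed `netstat -rn` excerpt from the workstation: only the tunnel subnet goes via tun0,
# so anything for 10.0.0.0/24 falls through to the default gateway (en0).
CLIENT_ROUTES = '''Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS       en0
192.168.200.0/24   192.168.200.1      UGS       tun0
'''
# Same client after OpenVPN pushed a route for the LAN (constructed).
CLIENT_ROUTES_FIXED = CLIENT_ROUTES + "10.0.0.0/24        192.168.200.1      UGS       tun0\n"


def parse_macros(conf):
    """Collect pf macro definitions of the form name="value"."""
    macros = {}
    for line in conf.splitlines():
        m = re.match(r'^\s*(\w+)\s*=\s*"([^"]*)"', line)
        if m:
            macros[m.group(1)] = m.group(2)
    return macros


def expand(text, macros):
    """Substitute $name references with their macro values."""
    return re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), text)


def nat_rules(conf, macros):
    """Return the active (uncommented) nat rules with macros expanded."""
    rules = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments, so disabled rules do not count
        if line.startswith("nat on"):
            rules.append(expand(line, macros))
    return rules


def forwarding_enabled(sysctl_out):
    """True if `sysctl net.inet.ip.forwarding` reports 1."""
    m = re.search(r"net\.inet\.ip\.forwarding:\s*(\d)", sysctl_out)
    return bool(m) and m.group(1) == "1"


def route_for(dest, routes_out):
    """Longest-prefix match of dest against a `netstat -rn` style table.
    Returns (network, gateway, netif) or None."""
    target = ipaddress.ip_network(dest)
    best = None
    for line in routes_out.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        spec = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        try:
            net = ipaddress.ip_network(spec, strict=False)
        except ValueError:
            continue  # header line or something that is not an address
        if net.version != target.version:
            continue
        if target.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, parts[1], parts[3])
    return best


def diagnose(conf, sysctl_out, client_routes):
    """Return the list of missing prerequisites for reaching int_net through the VPN."""
    macros = parse_macros(conf)
    ext_if, vpn_if = macros["ext_if"], macros["vpn_if"]
    int_net, vpn_net = macros["int_net"], macros["vpn_net"]
    findings = []
    if not forwarding_enabled(sysctl_out):
        findings.append("forwarding_off")
    # Without NAT on the LAN side, LAN hosts would need a route back to vpn_net via the VPN host.
    if not any(f"on {ext_if} " in r and vpn_net in r for r in nat_rules(conf, macros)):
        findings.append("no_nat_for_vpn_net")
    hop = route_for(int_net, client_routes)
    if hop is None or hop[2] != vpn_if:
        findings.append("client_lacks_lan_route")
    return findings


if __name__ == "__main__":
    print("as posted:", diagnose(PF_CONF, SYSCTL_OUT, CLIENT_ROUTES))
    print("after fixes:", diagnose(PF_CONF, "net.inet.ip.forwarding: 1", CLIENT_ROUTES_FIXED))
```

On the constructed input the first call reports `forwarding_off` and `client_lacks_lan_route`, which matches the two points in the reply: enable forwarding on the VPN host (and make it persistent via `gateway_enable="YES"` in rc.conf) and push the LAN route to the client from the OpenVPN server config. Once both are fixed the second call returns an empty list. Confirm the diagnosis with `tcpdump -ni tun0 icmp` on the VPN host while pinging a LAN address from the client: if nothing shows up there, the client is sending the packets out its default route instead of the tunnel.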