From: Michael Sierchio
To: Brent Clark
Cc: freebsd-questions@freebsd.org
Date: Mon, 11 Mar 2013 12:13:36 -0700
Subject: Re: OpenVPN vm cant connect to other VM's

Are you pushing routes in your server.conf file? (hint - show, don't tell)

- M

On Wed, Mar 6, 2013 at 2:38 AM, Brent Clark wrote:
> Hi guys
>
> I'm struggling with a FreeBSD VM that I have that I use for a VPN connection
> to, from my workstation to my home LAN. And I was wondering if someone
> could peer review me and my problem.
>
> OpenVPN is working beautifully. I.e. I can connect to some services (apache
> etc) that I run directly on my FreeBSD / openvpn vm.
>
> What I'm now trying to achieve is that I can connect to other VMs / machines
> on my home LAN.
>
> I'm using tun for my VPN, and my pf.conf looks like so (please see the nat on
> ...)
>
> [root@freebsd /usr/home/bclark]# cat /etc/pf.conf
> ext_if="re0"
> vpn_if="tun0"
> int_net="10.0.0.0/24"
> vpn_net="192.168.200.0/24"
> set skip on lo0
> set optimization normal
> #set block-policy drop
> set limit { states 20000, frags 10000, src-nodes 20000 }
> # Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
> scrub in all
> # Translation: specify how addresses are to be mapped or redirected.
> # NAT rules
> # enabling NAT currently breaks policy based routing
> #nat on $ext_if from { $int_net, $vpn_net } to any -> ($ext_if)
> #nat on tun0 from { 192.168.200.0/24 } to any -> (re0)
> nat on re0 from { 192.168.200.0/24 } to any -> (re0)
>
> table persist
> block in quick on re0 proto tcp from to any port ssh label "ssh brute"
>
> What am I missing?
>
> If anyone could assist, it would be appreciated.
>
> Kind Regards
> Brent Clark
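
Added example (not part of the original thread, and not code from the posters or from OpenVPN): a small check for the question asked in the reply, namely whether server.conf pushes a route covering the home LAN (10.0.0.0/24, the int_net in the quoted pf.conf). The server.conf content and the function names are constructed for illustration, since the thread never shows the real file.

```python
import ipaddress
import re

# Constructed sample: the thread never shows the real server.conf.
SAMPLE_SERVER_CONF = """\
dev tun
server 192.168.200.0 255.255.255.0
;push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 10.0.0.1"
"""

# push "route <network> [netmask]"; OpenVPN defaults the netmask to a host route.
PUSH_ROUTE = re.compile(r'^\s*push\s+"\s*route\s+([^\s"]+)(?:\s+([^\s"]+))?')
PUSH_REDIRECT = re.compile(r'^\s*push\s+"\s*redirect-gateway\b')


def active_lines(conf_text):
    """Yield directives, skipping lines commented out with '#' or ';'."""
    for line in conf_text.splitlines():
        if line.strip() and not line.lstrip().startswith(("#", ";")):
            yield line


def pushed_routes(conf_text):
    """Return the IPv4 networks the server pushes to clients."""
    nets = []
    for line in active_lines(conf_text):
        m = PUSH_ROUTE.match(line)
        if not m:
            continue
        try:
            nets.append(ipaddress.ip_network(
                f"{m.group(1)}/{m.group(2) or '255.255.255.255'}", strict=False))
        except ValueError:
            pass  # hostname or keyword such as vpn_gateway: not checkable offline
    return nets


def lan_routed_via_vpn(conf_text, lan_cidr):
    """True if clients are told to send IPv4 traffic for lan_cidr into the tunnel."""
    lan = ipaddress.ip_network(lan_cidr)
    if any(PUSH_REDIRECT.match(line) for line in active_lines(conf_text)):
        return True  # the client's default route goes through the VPN
    return any(lan.subnet_of(net) for net in pushed_routes(conf_text))


if __name__ == "__main__":
    print("as written:", lan_routed_via_vpn(SAMPLE_SERVER_CONF, "10.0.0.0/24"))
    fixed = SAMPLE_SERVER_CONF.replace(';push "route', 'push "route')
    print("route pushed:", lan_routed_via_vpn(fixed, "10.0.0.0/24"))
```

A pushed route only gets client packets as far as the VPN host; that host must still forward them (gateway_enable="YES" in rc.conf on FreeBSD) and the LAN machines need a return path to 192.168.200.0/24 or a matching nat rule.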