From owner-freebsd-pf@freebsd.org Sat Nov 9 22:15:18 2019 Return-Path: Delivered-To: freebsd-pf@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1322117F0F2 for ; Sat, 9 Nov 2019 22:15:18 +0000 (UTC) (envelope-from freebsd-database@pp.dyndns.biz) Received: from keymaster.local (ns1.xn--wesstrm-f1a.se [IPv6:2a00:d880:5:1b9::8526]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "keymaster.pp.dyndns.biz", Issuer "keymaster.pp.dyndns.biz" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 479WfY2g1Jz4FTD for ; Sat, 9 Nov 2019 22:15:16 +0000 (UTC) (envelope-from freebsd-database@pp.dyndns.biz) Received: from [192.168.69.69] ([192.168.69.69]) by keymaster.local (8.15.2/8.15.2) with ESMTP id xA9MFFJJ092452 for ; Sat, 9 Nov 2019 23:15:15 +0100 (CET) (envelope-from freebsd-database@pp.dyndns.biz) Subject: Re: NAT for use with OpenVPN To: freebsd-pf@freebsd.org References: From: =?UTF-8?Q?Morgan_Wesstr=c3=b6m?= Message-ID: Date: Sat, 9 Nov 2019 23:15:15 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 479WfY2g1Jz4FTD X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd-database@pp.dyndns.biz has no SPF policy when checking 2a00:d880:5:1b9::8526) smtp.mailfrom=freebsd-database@pp.dyndns.biz X-Spamd-Result: default: False [2.12 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.63)[-0.633,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; IP_SCORE(-0.06)[asn: 198203(-0.33), country: NL(0.02)]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_TLS_LAST(0.00)[]; NEURAL_SPAM_LONG(0.61)[0.613,0]; HFILTER_HELO_IP_A(1.00)[keymaster.local]; R_SPF_NA(0.00)[]; DMARC_NA(0.00)[pp.dyndns.biz]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:198203, ipnet:2a00:d880::/32, country:NL]; MID_RHS_MATCH_FROM(0.00)[]; HFILTER_HELO_NORES_A_OR_MX(0.30)[keymaster.local]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Nov 2019 22:15:18 -0000 Phil, I forgot... OpenVPN needs its own subnet in the config file. Make sure you don't use the same subnet as your LAN uses because that would confuse the routing and could result in the behaviour you describe in your initial post. Data would reach the server but return packets wouldn't find their way back onto the Internet. I would need to see your OpenVPN config and details about the subnets you use to spot any errors. /Morgan