Date: Mon, 28 May 2007 09:51:54 +0800
From: Pei Pjf <peter@topcomtech.com.cn>
To: Benjamin Lutz <mail@maxlor.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: openvpn on freebsd problem
Message-ID: <20070528015154.GA1195@pjfs.renzhichu.cc>
In-Reply-To: <200705271837.36028.mail@maxlor.com>
References: <20070526143955.GA1122@pjf2.fbsd.home> <200705271837.36028.mail@maxlor.com>

On Sun, May 27, 2007 at 06:37:35PM +0200, Benjamin Lutz wrote:
> On Saturday 26 May 2007 16:39, User Pjf wrote:
> > I install openvpn from port. Follow openvpn.net howto, vpn can
> > connect from client to server, but on client side, I can't ping
> > server side other machines.
> >
> > On my server side, vpn server and gateway is same one box, I
> > use dev tun, the server has a public static ip address, install
> > nat,ipfw for internal net to Internet.
> >
> > In refer to howto,
> > "Make sure that you've enabled IP and TUN/TAP forwarding on
> > the OpenVPN server machine."
> >
> > I know IP forwarding is work fine, but how to enable TUN forwarding?
>
> You enable ip forwarding with the net.inet.ip.forwarding and
> net.inet6.ip6.forwarding sysctls. However, if your gateway already
> works for the internal net, I strongly suspect those sysctls are
> already set to 1.
>
> I'd have a look at your firewall ruleset.

I don't set up any firewall ruleset. I just use the FreeBSD default ruleset.
This is my /etc/rc.conf:

# -- sysinstall generated deltas -- # Fri Oct 20 17:47:04 2006
# Created: Fri Oct 20 17:47:04 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
check_quotas="NO"
defaultrouter="219.137.13.1"
#defaultrouter="192.168.14.254"
hostname="pjfs.renzhichu.cc"
ifconfig_em1="inet 219.137.13.77 netmask 255.255.255.0"
ifconfig_rl0="inet 192.168.14.253 netmask 255.255.255.0"
keymap="us.iso"
sshd_enable="YES"
usbd_enable="NO"
named_enable="YES"
inetd_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em1"
natd_flags=""
openvpn_enable="YES"

> It seems most likely to me
> that the reason for your VPN not working lies there. I suggest that you
> enable logging for any "deny" rules you have in your ruleset and see
> whether any packets associated with the VPN connection are dropped.

OK. I add these two lines into /etc/sysctl.conf.

net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=5

I will test it this afternoon.

>
> Cheers
> Benjamin

Thank you very much.

Pei
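
The checks discussed in this message (forwarding enabled, natd bound to a configured interface, ipfw logging switched on) can be run against the two files as a small audit. This is an added example, not part of the original message; the function names conf_get, audit_gateway and demo are hypothetical, and the sample input is constructed from lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit the settings the thread discusses.

# conf_get FILE KEY: effective value of KEY in an rc.conf/sysctl.conf style
# file. Commented-out lines never match; the last assignment wins.
conf_get() {
    _v=""
    while IFS= read -r _l || [ -n "$_l" ]; do
        case "$_l" in "$2="*) _v=${_l#*=} ;; esac
    done < "$1"
    _v=${_v#\"}; _v=${_v%\"}          # strip surrounding double quotes
    printf '%s\n' "$_v"
}

# audit_gateway RC_CONF SYSCTL_CONF: print one finding per line.
audit_gateway() {
    if [ "$(conf_get "$1" gateway_enable)" = "YES" ] ||
       [ "$(conf_get "$2" net.inet.ip.forwarding)" = "1" ]; then
        echo "OK   IPv4 forwarding is enabled at boot"
    else
        echo "WARN IPv4 forwarding is not enabled (gateway_enable / net.inet.ip.forwarding)"
    fi
    _if=$(conf_get "$1" natd_interface)
    if [ "$(conf_get "$1" natd_enable)" = "YES" ]; then
        if [ -n "$_if" ] && [ -n "$(conf_get "$1" "ifconfig_$_if")" ]; then
            echo "OK   natd_interface=$_if is configured in rc.conf"
        else
            echo "WARN natd_interface='$_if' has no ifconfig_ line"
        fi
    fi
    if [ "$(conf_get "$2" net.inet.ip.fw.verbose)" = "1" ]; then
        _n=$(conf_get "$2" net.inet.ip.fw.verbose_limit)
        echo "OK   ipfw logging on; limit per rule: ${_n:-unset} (only rules with 'log' are logged)"
    else
        echo "WARN net.inet.ip.fw.verbose is not 1: 'log' rules write nothing to syslog"
    fi
}

# Constructed sample input: the relevant lines from the message above.
demo() {
    _d=$(mktemp -d) || return 1
    printf '%s\n' 'gateway_enable="YES"' '#defaultrouter="192.168.14.254"' \
        'ifconfig_em1="inet 219.137.13.77 netmask 255.255.255.0"' \
        'firewall_type="OPEN"' 'natd_enable="YES"' 'natd_interface="em1"' > "$_d/rc.conf"
    printf '%s\n' 'net.inet.ip.fw.verbose=1' 'net.inet.ip.fw.verbose_limit=5' > "$_d/sysctl.conf"
    audit_gateway "$_d/rc.conf" "$_d/sysctl.conf"
    rm -rf "$_d"
}
demo
```

With net.inet.ip.fw.verbose_limit=5, logging for a given rule stops after five matches until the counter is cleared with `ipfw resetlog`.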