Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 28 May 2007 09:51:54 +0800
From:      Pei Pjf <peter@topcomtech.com.cn>
To:        Benjamin Lutz <mail@maxlor.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: openvpn on freebsd problem
Message-ID:  <20070528015154.GA1195@pjfs.renzhichu.cc>
In-Reply-To: <200705271837.36028.mail@maxlor.com>
References:  <20070526143955.GA1122@pjf2.fbsd.home> <200705271837.36028.mail@maxlor.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 27, 2007 at 06:37:35PM +0200, Benjamin Lutz wrote:
> On Saturday 26 May 2007 16:39, User Pjf wrote:
> > I install openvpn from port. Follow openvpn.net howto, vpn can
> > connect from client to server, but on client side, I cann't ping
> > server side other machines.
> >
> > On my server side, vpn server and gateway is same one box, I
> > use dev tun, the server has a public static ip address, install
> > nat,ipfw for internal net to Internet.
> >
> > In refer to howto,
> > "Make sure that you've enabled IP and TUN/TAP forwarding on
> > the OpenVPN server machine."
> >
> > I know IP forwarding is work fine, but how to enable TUN forwarding?
> 
> You enable ip forwarding with the net.inet.ip.forwarding and 
> net.inet6.ip6.forwarding sysctls. However, if your gateway already 
> works for the internal net, I strongly suspect those sysctls are 
> already set to 1.
> 
> I'd have a look at your firewall ruleset.

I don't setup any firewall ruleset. I just use freebsd default ruleset.This is my /etc/rc.conf:

# -- sysinstall generated deltas -- # Fri Oct 20 17:47:04 2006
# Created: Fri Oct 20 17:47:04 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
check_quotas="NO"
defaultrouter="219.137.13.1"
#defaultrouter="192.168.14.254"
hostname="pjfs.renzhichu.cc"
ifconfig_em1="inet 219.137.13.77  netmask 255.255.255.0"
ifconfig_rl0="inet 192.168.14.253  netmask 255.255.255.0"
keymap="us.iso"
sshd_enable="YES"
usbd_enable="NO"
named_enable="YES"
inetd_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em1"
natd_flags=""
openvpn_enable="YES"

> It seems most likely to me 
> that the reason for your VPN not working lies there. I suggest that you 
> enable logging for any "deny" rules you have in your ruleset and see 
> whether any packets associated with the VPN connection are dropped.

OK. I add these two lines into /etc/sysctl.conf. 
net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=5 

I will test it at this afternoon. 
> 
> Cheers
> Benjamin

Thank you very much.

Pei



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070528015154.GA1195>