Date: Mon, 8 Dec 2014 23:07:03 -0500
From: Manas Bhatnagar <b.manas.88@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Re: Forwarding packets generated through a VPN connection to a different subnet
Message-ID: <CAN5odxAjB_f1rCQbDbRQ635m_m_bgfVZ1A=EbCbovQPMtufDyA@mail.gmail.com>
In-Reply-To: <548655C6.3090709@heuristicsystems.com.au>
References: <CAN5odxAT%2B=WQRmH08Rxy_H%2BFX=R-9Y58Ek__1GCMgH2DYoDphg@mail.gmail.com> <548655C6.3090709@heuristicsystems.com.au>

>You shouldn't need a firewall to do nat or redirecting. I suspect that:
>a) the openvpn server isn't setup for forwarding
>b) the clients don't have a correct route established
>
>I'd suggest that you turn off pf, using pfctl -d and watch what happens
>on your em1 interface, as that might also provide a clue (ie tcpdump -ni
>em1 )
>
>If this assists please provide a reply to the mailing list so others may
>benefit. :)
>
>Regards, Dewayne

It is working now. OpenVPN is configured to push the route:

push "route 10.8.1.0 255.255.255.0"

to clients. Gateway is not pushed to the client. The line in PF that works is:

nat on em1 from 10.8.0.0/24 to any -> (em1)

Thanks for the input!

Thanks,
Manas

On Mon, Dec 8, 2014 at 8:52 PM, Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au> wrote:

> You shouldn't need a firewall to do nat or redirecting. I suspect that:
> a) the openvpn server isn't setup for forwarding
> b) the clients don't have a correct route established
>
> I'd suggest that you turn off pf, using pfctl -d and watch what happens
> on your em1 interface, as that might also provide a clue (ie tcpdump -ni
> em1 )
>
> If this assists please provide a reply to the mailing list so others may
> benefit. :)
>
> Regards, Dewayne
>
>
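
An added example, not part of the original message: a pf.conf fragment that keeps the working NAT rule but narrows its destination from "any" to the subnet the server pushes to clients, and filters the tunnel interface to match. The interface name tun0, the macro names, and em1 being the interface attached to 10.8.1.0/24 are assumptions.

```conf
# --- macros -----------------------------------------------------------
# Assumptions, not from the original message: tun0 is the OpenVPN tunnel
# interface and em1 is the interface attached to 10.8.1.0/24.
vpn_if  = "tun0"
lan_if  = "em1"
vpn_net = "10.8.0.0/24"   # VPN client pool (source in the message's rule)
lan_net = "10.8.1.0/24"   # subnet pushed with: push "route 10.8.1.0 255.255.255.0"

# --- translation ------------------------------------------------------
# Same rule as in the message, with the destination narrowed from "any"
# to the pushed subnet. Only that route is pushed, so clients have no
# reason to be translated toward other destinations through this host.
# (em1) in parentheses makes pf follow address changes on the interface.
nat on $lan_if from $vpn_net to $lan_net -> ($lan_if)

# --- filtering --------------------------------------------------------
# pf uses last-match semantics: the block is the default for the tunnel,
# the pass that follows overrides it for the one permitted flow.
block in log on $vpn_if all
pass  in     on $vpn_if from $vpn_net to $lan_net keep state

# After translation the packets leave em1 with em1's own address.
pass  out    on $lan_if from ($lan_if) to $lan_net keep state

# Check syntax without loading:   pfctl -nf /etc/pf.conf
# Show loaded translation rules:  pfctl -s nat
# Forwarding must also be on:     sysctl net.inet.ip.forwarding   (expects 1)
```

With NAT in place, hosts on 10.8.1.0/24 see every VPN client as em1's address, so per-client attribution has to come from logs on this host (the logged block rule and pf state entries) rather than from logs on the destination hosts.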