Date: Sat, 26 Aug 2017 11:13:40 -0500
From: Adam Vande More <amvandemore@gmail.com>
To: Fongaboo <freebsd@fongaboo.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: STUMPED: Setting up OpenVPN server on FreeBSD (self.freebsd)
Message-ID: <CA+tpaK3yo1GYBc+62=+NoRuEFPgoZjaPEdW7KgxqX_hiQ6npZw@mail.gmail.com>
In-Reply-To: <alpine.BSF.2.20.1708260858410.50226@h4lix.wtfayla.net>
References: <alpine.BSF.2.20.1708260858410.50226@h4lix.wtfayla.net>
On Sat, Aug 26, 2017 at 8:03 AM, Fongaboo <freebsd@fongaboo.com> wrote:

> I'm following this tutorial:
>
> https://www.digitalocean.com/community/tutorials/how-to-configure-and-connect-to-a-private-openvpn-server-on-freebsd-10-1
>
> Trying this on an AWS instance first and then planning to try on a bare
> metal colo server.
>
> OpenVPN client and daemon seem to be working, in terms of handshaking and
> connecting with each other. Problem is, no matter what I do, connected
> clients can't get out to the Internet through the server's gateway
> interface.
>
> I've tried setting up NATD, like the tutorial instructs. I've tried
> enabling ipfw_nat as described in this comment:
>
> https://www.digitalocean.com/community/tutorials/how-to-configure-and-connect-to-a-private-openvpn-server-on-freebsd-10-1?comment=40498
>
> rc.conf (for NATD):
>
> #enable firewall
> firewall_enable="YES"
> firewall_script="/usr/local/etc/ipfw.rules"
> firewall_type="open"
>
> gateway_enable="YES"
> natd_enable="YES"
> natd_interface="xn0"
> natd_flags="-dynamic -m"
>
> rc.conf (revised for ipfw_nat):
>
> #enable firewall
> firewall_enable="YES"
> firewall_script="/usr/local/etc/ipfw.rules"
> firewall_type="open"
> firewall_nat_enable="YES"
> firewall_nat_interface="xn0"
>
> gateway_enable="YES"
> #natd_enable="YES"
> #natd_interface="xn0"
> #natd_flags="-dynamic -m"
>
> *xn0 = external interface of the server
>
> Neither config allows Internet access. I have this line enabled in
> /usr/local/etc/openvpn/openvpn.conf:
>
> push "redirect-gateway def1 bypass-dhcp"
>
> Perhaps this is part of the solution?:
>
> # Configure server mode for ethernet bridging
> # using a DHCP-proxy, where clients talk
> # to the OpenVPN server-side DHCP server
> # to receive their IP address allocation
> # and DNS server addresses. You must first use
> # your OS's bridging capability to bridge the TAP
> # interface with the ethernet NIC interface.
> # Note: this mode only works on clients (such as
> # Windows), where the client-side TAP adapter is
> # bound to a DHCP client.
> ;server-bridge
>
> Any advice would be appreciated. I'm willing to try any combination of
> ipfw vs. pf or natd vs. ipfw_nat or whatever if it will allow clients to
> see the WAN. TIA!

tcpdump and ipfw logs.

-- 
Adam
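Before reaching for tcpdump, the two conditions this thread turns on can be checked from command output: IP forwarding must be on (what gateway_enable="YES" sets), and a natd divert or ipfw nat rule must exist on xn0 ahead of the "open" ruleset's allow-all rule, otherwise VPN packets are accepted untranslated and never come back. The following is an added shell example, not code from the thread or the tutorial; the sysctl and ipfw output it parses is constructed to mirror the poster's configuration.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): check forwarding and ipfw NAT
# placement on a FreeBSD OpenVPN gateway from captured command output,
# so it runs offline here and against a live host with the same function.

# Constructed sample output standing in for, on the live host:
#   sysctl -n net.inet.ip.forwarding
#   ipfw list
# It reproduces the thread's symptom: forwarding is on, the "open"
# ruleset is loaded, but no rule on xn0 ever translates addresses.
SAMPLE_FORWARDING="1"
SAMPLE_IPFW='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any'

# A ruleset that passes: NAT (natd divert here; an in-kernel "nat N"
# rule is matched too) on xn0 at rule 50, ahead of the allow-all at 65000.
FIXED_IPFW='00050 divert 8668 ip from any to any via xn0
00100 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any'

# check_gateway FORWARDING_VALUE IPFW_LIST EXT_IF
# Prints one finding per line; returns 0 when nothing looks wrong.
check_gateway() {
    fwd=$1; rules=$2; ext=$3; rc=0
    if [ "$fwd" != "1" ]; then
        echo "net.inet.ip.forwarding=$fwd: tunnel traffic is not routed (gateway_enable=YES not in effect)"
        rc=1
    fi
    # First NAT rule touching the external interface, as a plain number.
    nat_rule=$(printf '%s\n' "$rules" | awk -v ext="$ext" \
        '($0 ~ /divert (natd|[0-9]+)|[ ]nat [0-9]+ /) && index($0, "via " ext) { print $1 + 0; exit }')
    # First unconditional allow; anything it accepts is never translated.
    pass_all=$(printf '%s\n' "$rules" | awk '/ allow ip from any to any$/ { print $1 + 0; exit }')
    if [ -z "$nat_rule" ]; then
        echo "no natd divert or ipfw nat rule on $ext: VPN clients leave with their private tunnel source address"
        rc=1
    elif [ -n "$pass_all" ] && [ "$pass_all" -lt "$nat_rule" ]; then
        echo "rule $pass_all (allow all) precedes NAT rule $nat_rule: packets are accepted before translation"
        rc=1
    fi
    return $rc
}
```

On the server itself, run it as `check_gateway "$(sysctl -n net.inet.ip.forwarding)" "$(ipfw list)" xn0`.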