Date: Mon, 8 Dec 2014 20:01:27 -0500
From: Manas Bhatnagar <b.manas.88@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Forwarding packets generated through a VPN connection to a different subnet
Message-ID: <CAN5odxAT%2B=WQRmH08Rxy_H%2BFX=R-9Y58Ek__1GCMgH2DYoDphg@mail.gmail.com>

Hello,

I have an OpenVPN server that is configured to hand out IP addresses on the 10.8.0.0/24 network, it creates a tun0 device. I also have an interface on the machine that is configured with the IP 10.8.1.11, this is on the em1 interface. I am able to ping to other machines on the 10.8.1.0/24 network from the machine. However, as an OpenVPN client, when I try to ping any address on the 10.8.1.0/24 network other than 10.8.1.11, I do not receive a response.

My attempt at making this work was through using NAT with PF. This is the line in my /etc/pf.conf:

    nat on tun0 from 10.8.0.0/24 to 10.8.1.0/24 -> (em1)

When I run tcpdump -i tun0 on the machine I see the ICMP packets being generated by the OpenVPN client. But, when I check the traffic on em1 with tcpdump the source address is still in the 10.8.0.0/24 range.

I have also tried the following pf.conf:

    rdr on tun0 from 10.8.0.0/24 to 10.8.1.0/24 -> (em1)
    nat on em1 from 10.8.0.0/24 to 10.8.1.0/24 -> (em1)
    rdr on em1 from 10.8.1.0/24 to 10.8.0.0/24 -> (tun0)

With the same results.

Please let me know how this can be configured. This is on 10.1-RELEASE.

Thanks,
Manas