Forwarding packets generated through a VPN connection to a different subnet
Manas Bhatnagar
b.manas.88 at gmail.com
Tue Dec 9 04:07:06 UTC 2014
It is working now. OpenVPN is configured to push the route:

    push "route 10.8.1.0 255.255.255.0"

to clients. Gateway is not pushed to the client.

The line in PF that works is:

    nat on em1 from 10.8.0.0/24 to any -> (em1)

Thanks for the input!
Thanks,
Manas
On Mon, Dec 8, 2014 at 8:52 PM, Dewayne Geraghty <dewayne.geraghty at heuristicsystems.com.au> wrote:
> You shouldn't need a firewall to do nat or redirecting. I suspect that:
> a) the openvpn server isn't setup for forwarding
> b) the clients don't have a correct route established
>
> I'd suggest that you turn off pf, using pfctl -d and watch what happens
> on your em1 interface, as that might also provide a clue (ie tcpdump -ni
> em1 )
>
> If this assists please provide a reply to the mailing list so others may
> benefit. :)
>
> Regards, Dewayne
>
>
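An added example, not part of the original post or of either poster's setup: a small Python check that the pushed route and the nat rule quoted in the reply agree with each other. The `server` line giving the VPN pool, the sample file contents and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample files. Only the push line and the nat line are from the
# post; the "server" line is an assumed pool matching the NAT source subnet.
OPENVPN_CONF = 'server 10.8.0.0 255.255.255.0\npush "route 10.8.1.0 255.255.255.0"\n'
PF_CONF = "nat on em1 from 10.8.0.0/24 to any -> (em1)\n"

SERVER_RE = re.compile(r'^\s*server\s+(\S+)\s+(\S+)', re.M)
PUSH_RE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"', re.M)
NAT_RE = re.compile(r'^\s*nat\s+on\s+(\S+)\s+from\s+(\S+)\s+to\s+(\S+)\s+->', re.M)


def pf_net(token):
    """Parse a literal pf address; macros, tables and lists are not handled."""
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token)


def check(openvpn_conf, pf_conf):
    """Cross-check pushed routes against nat rules; returns errors and notes."""
    errors, notes = [], []
    server = SERVER_RE.search(openvpn_conf)
    if server is None:
        return {"errors": ["no 'server' directive, VPN pool unknown"], "notes": notes}
    pool = ipaddress.ip_network("/".join(server.groups()))
    pushed = [ipaddress.ip_network(f"{a}/{m}") for a, m in PUSH_RE.findall(openvpn_conf)]
    if not pushed:
        errors.append("no route pushed, clients will not send traffic into the tunnel")
    # Keep only nat rules whose source range contains the whole VPN pool.
    rules = [(ifc, pf_net(dst)) for ifc, src, dst in NAT_RE.findall(pf_conf)
             if pool.subnet_of(pf_net(src))]
    if not rules:
        errors.append(f"no nat rule translates traffic from {pool}")
    for route in pushed:
        hits = [(ifc, dst) for ifc, dst in rules if route.subnet_of(dst)]
        if rules and not hits:
            errors.append(f"pushed route {route} is not covered by any nat rule")
        for ifc, dst in hits:
            if dst != route:
                notes.append(f"nat on {ifc} matches destination {dst}, wider than pushed {route}")
    return {"errors": errors, "notes": notes}


if __name__ == "__main__":
    print(check(OPENVPN_CONF, PF_CONF))
```

For the configuration in the post the check reports no errors and one informational note, because the rule's destination is `any` while only 10.8.1.0/24 is pushed to clients.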