NAT for use with OpenVPN

Phil Staub phil at staub.us
Wed Nov 13 23:54:19 UTC 2019 

On Wed, Nov 13, 2019 at 6:19 PM Phil Staub <phil at staub.us> wrote:

>
>
> On Wed, Nov 13, 2019 at 5:37 PM Morgan Wesström <
> freebsd-database at pp.dyndns.biz> wrote:
>
>> > See my follow up message. It's the SNAT directive. The tutorial I was
>> > looking at was
>> >
>> > https://www.karlrupp.net/en/computer/nat_tutorial
>>
>> Well, I'm too inexperienced with iptables to give you and advice here
>> unfortunately.
>>
>>

> > Definitely. I assume the way to test that would be to attempt to access
>> > my router from the outside the same way I would when I log in from the
>> > inside.
>>
>> Yes, connect your phone with mobile data only (no WiFi) and no VPN and
>> you can try to browse to the admin interface on your external ip. For a
>>
>
> It never connects. The connection times out.
>
> more thorough test you could install Termux which will give you a Linux
>> terminal in your phone. It comes with a built-in package manager so you
>> can install your favourite Linux tools. You can use it to install nmap
>> which is the defacto port scanning tool to use. The man page will give
>> you some examples of the syntax and it will scan for open ports. It
>> should only find your 1194 port used by OpenVPN.
>>
>
> I have been using a different terminal emulator, but I like Termux. I
> couldn't figure out how to do ctrl characters with the one I was using.
>
> nmap reports only one port open: 1720! I don't know what that's all about,
> but another port scanner I have been using didn't find that that port is
> open.
>
> Anyway, I'm going to be taking my laptop outside my home WiFi this evening
> and I'll see if I can get in to my local network with the OpenVPN client.
>
> Phil
>
>
I have a suspicion that the "standard" NAT for this box is being performed
within a bitdefender package. I found a bitdefender.tar file, and within
that file is some code that initializes an iptables chain called GUSTER. I
haven't had time to study it much yet, but I'll probably be working on it
tomorrow. Just wanted to share this with you this evening in case you might
have some thoughts or maybe have heard what the bitdefender capabilities
are.

Phil


>
>
>>
>> /Morgan
>> _______________________________________________
>> freebsd-pf at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>>
>

More information about the freebsd-pf mailing list