13th March 2011
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125

So the client gets an IP, can ping the athn0 IP, but does not receive an answer from the nameserver at 195.x.x.x.53.

Try a ping from the wireless client to the 192.168.0.20 (internal net) IP.
Does a tcpdump on that interface (ne3) show the ICMP request? If it doesn't show an ICMP reply, then pf could be blocking it.
With a block log all policy you can see blocked packets by running tcpdump on the pflog0 interface (tcpdump -eni pflog0).

You can do something similar for the DNS lookup. Follow the transport of the DNS request by running tcpdump on every interface the packet should arrive on.


BTW, if you keep insisting on using OpenVPN, you (and that includes me) will not be sure whether we are trying to debug a network/pf issue or an OpenVPN problem. For OpenVPN see the OpenVPN revisited thread.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
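An added example, not part of the original post: a small shell helper that tallies what pf blocked from `tcpdump -eni pflog0` output, so the interface where the ping or DNS request is dropped stands out. It assumes OpenBSD-style pflog lines; the sample capture, the addresses 192.168.1.33, 192.168.1.1 and 192.0.2.53, and the function name `summarize_blocks` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Requires a `block log all`
# policy so that blocked packets reach pflog0.
# Assumption: OpenBSD-style pflog lines of the form
#   <time> rule N/(match) block in on <if>: <src> > <dst>: ...

# Constructed sample capture. Client 192.168.1.33, gateway 192.168.1.1 and
# nameserver 192.0.2.53 are made up; athn0 and ne3 are the post's interfaces.
SAMPLE='10:15:02.100001 rule 0/(match) block in on athn0: 192.168.1.33.40123 > 192.0.2.53.53: 4242+ A? example.org. (29)
10:15:07.100002 rule 0/(match) block in on athn0: 192.168.1.33.40123 > 192.0.2.53.53: 4242+ A? example.org. (29)
10:15:09.300000 rule 0/(match) block out on ne3: 192.168.1.33 > 192.168.0.20: icmp: echo request
10:15:10.000000 rule 2/(match) pass in on athn0: 192.168.1.33 > 192.168.1.1: icmp: echo request'

# summarize_blocks (hypothetical helper): reads pflog lines on stdin and
# prints "<count> rule <n> block <dir> on <if> <src> > <dst>", busiest first.
summarize_blocks() {
    awk '
    {
        for (i = 1; i + 8 <= NF; i++) {
            if ($i != "rule" || $(i + 4) != "on") continue
            if ($(i + 2) != "block") break           # skip logged pass rules
            rule = $(i + 1); sub(/\/.*/, "", rule)   # "0/(match)" -> "0"
            ifc = $(i + 5);  sub(/:$/, "", ifc)      # "athn0:" -> "athn0"
            dst = $(i + 8);  sub(/:$/, "", dst)
            seen["rule " rule " block " $(i + 3) " on " ifc " " $(i + 6) " > " dst]++
            break
        }
    }
    END { for (k in seen) print seen[k], k }' | sort -rn
}

# Run over the constructed sample. Against a live firewall (as root):
#   tcpdump -c 50 -eni pflog0 | summarize_blocks
printf '%s\n' "$SAMPLE" | summarize_blocks
```

In this sample the repeated DNS query never gets past athn0, while the ping is accepted on athn0 and dropped on its way out of ne3, which tells you which rule direction to fix for each.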