16th January 2012
lasstoff

Solved!

Added the default gateway to the route-to, from:
Code:
pass in log quick on $dmz_if route-to tun0 inet proto icmp from $dmz_network to any icmp-type echoreq tag VPN_TRAFFIC
pass out log quick on tun0 inet proto icmp from tun0 to any icmp-type echoreq tagged VPN_TRAFFIC
to:
Code:
pass in log quick on $dmz_if route-to (tun0 <anonine_gateway>) inet proto icmp from $dmz_network to any icmp-type echoreq tag VPN_TRAFFIC
pass out log quick on tun0 inet proto icmp from tun0 to any icmp-type echoreq tagged VPN_TRAFFIC
Also had to modify my OpenVPN route-up.sh script slightly:
Code:
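#!/bin/sh
# OpenVPN sets $route_vpn_gateway in the script's environment; put it in the pf table
/sbin/pfctl -t anonine_gateway -T replace "$route_vpn_gateway"
# Reload the VPN rules into the "vpn" anchor
/sbin/pfctl -a vpn -f /etc/pf.conf.vpn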
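An added example, not part of lasstoff's post: a route-up.sh variant that checks $route_vpn_gateway is a plain IPv4 address before handing it to pfctl, since the script changes the firewall's table and an empty value would pass no address to -T replace. The PFCTL override and the helper names is_ipv4 and update_gateway_table are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the poster's script): validate the gateway before pfctl.
# PFCTL is a hypothetical override so the logic can be dry-run without pf.
PFCTL="${PFCTL:-/sbin/pfctl}"

# Succeed only for a dotted-quad IPv4 address: four octets, each 0-255,
# no leading zeros, no other characters (so no CIDR suffix or hostname).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Replace the table contents with the gateway, or leave the table untouched
# and return non-zero when the value is not a plain IPv4 address.
update_gateway_table() {
    table=$1
    gw=$2
    if ! is_ipv4 "$gw"; then
        echo "route-up: refusing gateway value '$gw'" >&2
        return 1
    fi
    "$PFCTL" -t "$table" -T replace "$gw"
}

# OpenVPN exports route_vpn_gateway to route-up scripts; without it (for
# example when this file is only sourced) nothing is changed.
if [ -n "${route_vpn_gateway+set}" ]; then
    update_gateway_table anonine_gateway "$route_vpn_gateway" &&
        "$PFCTL" -a vpn -f /etc/pf.conf.vpn
fi
```

Running it with PFCTL=echo prints the pfctl arguments instead of changing the ruleset.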