OpenBSD Security (Functionally paranoid!)
[VM] OpenVPN on host to redirect to VM guests
Hi,
On my server at home, I use vmm to run two VM guests. Host and guests run OpenBSD 6.9. On the host, I installed OpenVPN to use as a client. My VPN connection runs correctly. How should I configure PF to redirect the HTTP(S) stream to my web VM?
__________________
GPG fingerprint ed25519: 072A 4DA2 8AFD 868D 74CF 9EA2 B85E 9ADA C377 5E8E
GPG fingerprint rsa4096: 4E0D 4AF7 77F5 0FAE A35D 5B62 D0FF 7361 59BF 1733
Last edited by CiotBSD; 6th June 2021 at 03:05 AM.
Hi,
Some more details would be nice (configuration files). To make sure: you need to redirect http(s) requests coming in from the VPN tunnel to your VM? I guess a rdr-to should be enough. Code:
vpn_if = "tun0"
vm_ip = "10.0.0.2"
ports = "{ www https }"
# redirect http/https arriving on the tunnel interface to the VM
pass in on $vpn_if proto tcp from any to $vpn_if port $ports rdr-to $vm_ip
__________________
(Self-)Host your server with OpenBSD
The Virtualization chapter of the FAQ has a networking section which should help.
By using nat-to?
@jggimi: I don't understand how this can help me. My VMs run correctly following option 4, because they are on the same network as the host. But now I want to redirect the OpenVPN stream connected on the host to the VMs.
__________________
Last edited by CiotBSD; 5th June 2021 at 11:55 AM.
Pfff, I do not like this!
My virtualization config: Quote:
- vm for dns: IP segment 3, instance for IPv4: inet 192.168.xyz.3, and IPv6: inet6 2a00:5881:8118:2100:c107:b5d::3 64
- vm for web: IP segment 4
OK, this runs correctly without any problem at home, via my ISP's box. Now I have installed OpenVPN on the host, as a client! (I pay for a VPN service from a French association named ARN-FAI.) I changed the sysctl values to enable forwarding for IPv4 and IPv6 because it seems to be needed (not necessary for virtualization, where host and guests are on the same network). Quote:
__________________
Last edited by CiotBSD; 6th June 2021 at 02:12 AM.
OK.
See here my actual PF rules (they have been in place for one day), and the traffic does not pass. I tried to add the rule: Quote:
__________________
Last edited by CiotBSD; 7th June 2021 at 12:35 PM.
All I can determine is that the traffic you want to redirect does not appear to match any of your existing (or your test) pass rules, other than your rule 0 "match" rule. I recommend running tcpdump(8) against the tun0 interface while watching the incoming traffic. You may be able to see if there is something about the packets that will help you revise your test pass rules so that they match.
My guess from what little we see of your pf config: you're now mixing regular and quick rules. Regular rules are 'last match wins', so
'pass something' before 'block log' (which is 'block all') will never do what's in the pass rule. It will always be blocked. It's best not to mix quick and regular rules.
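Added example, not the poster's ruleset nor code from any reply in this thread. It puts together the rdr-to rule suggested in the second post and the rule-ordering point made in the last reply: a host pf.conf that redirects HTTP(S) arriving over the OpenVPN tunnel to the web VM, with a default deny placed first and every pass rule marked quick so that 'last match wins' can no longer swallow the pass rule. The interface names (tun0 for the OpenVPN client, vether0 for the host side of the VM network), the VM address 192.168.1.4 and the IPv4-only tunnel are assumptions.

```pf
# Added example (assumed names and addresses, see the text above):
#   tun0         OpenVPN client interface on the host
#   vether0      host side of the VM network; the VMs use the host as gateway
#   192.168.1.4  the web VM
vpn_if    = "tun0"
vm_if     = "vether0"
web_vm    = "192.168.1.4"
www_ports = "{ www https }"

set skip on lo

# Default deny, placed FIRST. With "quick" the first matching rule wins;
# without it the last matching rule wins, so a plain "block log" written
# after the pass rules overrides them and everything is dropped.
block log all

# Redirect HTTP(S) arriving on the tunnel, addressed to the tunnel's own
# (dynamic, hence parenthesised) address, to the web VM. pf keeps state, so
# the VM's replies are un-translated on the way back without extra rules.
pass in quick on $vpn_if inet proto tcp from any to ($vpn_if) \
    port $www_ports rdr-to $web_vm

# Second leg of the forwarded connection, toward the VM network. With the
# default floating state policy the state above already covers it; the
# explicit rule documents the path.
pass out quick on $vm_if inet proto tcp to $web_vm port $www_ports

# The host's own traffic through the tunnel, and the VMs' ordinary traffic
# on the host side of their network.
pass out quick on $vpn_if
pass in  quick on $vm_if
pass out quick on $vm_if
```

Before loading it, check the syntax with `pfctl -nf /etc/pf.conf`, and keep the forwarding sysctls the poster mentioned (`net.inet.ip.forwarding=1`, and `net.inet6.ip6.forwarding=1` if IPv6 is to be forwarded), otherwise the redirected packets are accepted by pf but never leave the host. Two checks that catch the usual failures: `tcpdump -n -e -ttt -i pflog0` shows anything the `block log` rule drops, and `pfctl -ss | grep 192.168.1.4` should show a state whose destination has been rewritten to the VM once a client connects. If the state appears but the connection still hangs, the web VM is most likely not routing its replies back through the host (its default gateway must be the host's vether0 address), so the reverse translation never happens.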
Tags: openbsd, openvpn, pf