Openvpn pf/nat/route-to issue
I'm having a pf/nat/route-to problem with openbsd 4.6 and openvpn 2.1_rc15. VPN setup works and I'm able to send (and receive data) when doing it directly from my openbsd firewall:

# ping 192.36.171.154
Code:
PING 192.36.171.154 (192.36.171.154): 56 data bytes
64 bytes from 192.36.171.154: icmp_seq=0 ttl=60 time=21.692 ms

Code:
tcpdump: listening on tun0, link-type EN10MB
22:56:59.951191 178.73.197.139 > 192.36.171.154: icmp: echo request
22:56:59.972697 192.36.171.154 > 178.73.197.139: icmp: echo reply

fails. The really strange thing is that pflog0 says the packet is sent out on tun0, but the tcpdump on tun0 never sees the icmp packet:

# tcpdump -ettt -ni pflog0
Code:
tcpdump: listening on pflog0, link-type PFLOG
Jan 15 23:00:25.921497 rule 156.vpn.10/(match) pass in on vr2: 172.16.1.20 > 192.36.171.154: icmp: echo request (DF)
Jan 15 23:00:25.921558 rule 100/(match) pass out on tun0: 178.73.197.139 > 192.36.171.154: icmp: echo request (DF)

Code:
tcpdump: listening on tun0, link-type EN10MB

tun0 settings:
Code:
# ifconfig tun0
tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
        lladdr 00:bd:e2:30:c0:01
        priority: 0
        media: Ethernet autoselect
        status: active
        inet 178.73.197.139 netmask 0xffffff80 broadcast 178.73.197.255
        inet6 fe80::2bd:e2ff:fe30:c001%tun0 prefixlen 64 scopeid 0x7

Code:
nat on tun0 from 172.16.1.0/24 to any -> tun0
pass in log quick on dmzif route-to tun0 inet proto icmp from 172.16.1.0/24 to any icmp-type echoreq tag VPN_TRAFFIC
pass out log quick on tun0 inet proto icmp from tun0 to any icmp-type echoreq tagged VPN_TRAFFIC

Code:
# sysctl -a | grep net.inet.ip.forwa
net.inet.ip.forwarding=1

Code:
dev tun0
dev-type tap
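The diagnostic step the post relies on, correlating what pflog0 claims was passed out on an interface with what a capture on that interface actually carried, can be automated. The script below is an added example and is not code from the poster or from OpenBSD/OpenVPN; it assumes the text formats shown in the post (`tcpdump -ettt -ni pflog0` on OpenBSD 4.x pflog, and a plain `tcpdump -ni tun0` capture), and the sample inputs are constructed from the lines quoted above. It reports every `pass out on <if>` pflog entry whose flow never appears in that interface's capture (the packet was lost between pf's decision and the interface), and separately pairs each inbound entry with the outbound entry of the same flow whose source address differs, which confirms that the `nat on tun0` rewrite took place.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# One pflog(4) line as printed by `tcpdump -ettt -ni pflog0` (format assumed from the post).
# The trailing "(DF)" flag is optional.
PFLOG_RE = re.compile(
    r"^(?P<stamp>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"rule (?P<rule>\S+)/\((?P<reason>\w+)\) (?P<action>\w+) (?P<dir>in|out) "
    r"on (?P<ifname>\w+): (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"(?P<proto>\w+): (?P<desc>.+?)(?: \(DF\))?$"
)
# One line of a plain `tcpdump -ni <if>` capture (timestamp only, no link-level header).
CAP_RE = re.compile(
    r"^(?P<stamp>\d{2}:\d{2}:\d{2}\.\d+) (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"(?P<proto>\w+): (?P<desc>.+?)(?: \(DF\))?$"
)

FlowKey = Tuple[str, str, str, str]  # (src, dst, proto, description)


@dataclass(frozen=True)
class PfLogEntry:
    stamp: str
    rule: str
    action: str
    direction: str
    ifname: str
    src: str
    dst: str
    proto: str
    desc: str

    def flow_key(self) -> FlowKey:
        return (self.src, self.dst, self.proto, self.desc)


def parse_pflog(text: str) -> List[PfLogEntry]:
    """Parse pflog lines; the 'listening on ...' banner and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = PFLOG_RE.match(line.strip())
        if m:
            entries.append(PfLogEntry(m["stamp"], m["rule"], m["action"], m["dir"],
                                      m["ifname"], m["src"], m["dst"], m["proto"], m["desc"]))
    return entries


def parse_capture(text: str) -> List[FlowKey]:
    """Reduce an interface capture to the flow keys it carried."""
    keys = []
    for line in text.splitlines():
        m = CAP_RE.match(line.strip())
        if m:
            keys.append((m["src"], m["dst"], m["proto"], m["desc"]))
    return keys


def missing_egress(entries: List[PfLogEntry], captures: Dict[str, List[FlowKey]]) -> List[PfLogEntry]:
    """Entries pf logged as 'pass out on X' whose flow the capture on X never saw."""
    return [e for e in entries
            if e.action == "pass" and e.direction == "out"
            and e.flow_key() not in captures.get(e.ifname, [])]


def rewritten_flows(entries: List[PfLogEntry]) -> List[Tuple[str, str, str, str]]:
    """Pair each inbound pass with the outbound pass of the same flow whose source
    differs: (original src, translated src, in-interface, out-interface)."""
    outs = [e for e in entries if e.action == "pass" and e.direction == "out"]
    pairs = []
    for i in (e for e in entries if e.action == "pass" and e.direction == "in"):
        for o in outs:
            if (o.dst, o.proto, o.desc) == (i.dst, i.proto, i.desc) and o.src != i.src:
                pairs.append((i.src, o.src, i.ifname, o.ifname))
    return pairs


# Sample input constructed from the pflog0 and tun0 output quoted in the post.
PFLOG_SAMPLE = """tcpdump: listening on pflog0, link-type PFLOG
Jan 15 23:00:25.921497 rule 156.vpn.10/(match) pass in on vr2: 172.16.1.20 > 192.36.171.154: icmp: echo request (DF)
Jan 15 23:00:25.921558 rule 100/(match) pass out on tun0: 178.73.197.139 > 192.36.171.154: icmp: echo request (DF)
"""
TUN0_EMPTY = "tcpdump: listening on tun0, link-type EN10MB\n"
# The healthy case: the firewall's own ping, as captured on tun0 in the post.
TUN0_OK = """tcpdump: listening on tun0, link-type EN10MB
22:56:59.951191 178.73.197.139 > 192.36.171.154: icmp: echo request
22:56:59.972697 192.36.171.154 > 178.73.197.139: icmp: echo reply
"""

if __name__ == "__main__":
    entries = parse_pflog(PFLOG_SAMPLE)
    for e in missing_egress(entries, {"tun0": parse_capture(TUN0_EMPTY)}):
        print(f"rule {e.rule}: passed out on {e.ifname} but never seen on it: {e.src} > {e.dst} {e.proto} {e.desc}")
    for orig, new, iif, oif in rewritten_flows(entries):
        print(f"nat applied: {orig} ({iif}) -> {new} ({oif})")
```

Running it against the post's data prints the `rule 100` egress as passed but unseen on tun0 and the `172.16.1.20 -> 178.73.197.139` rewrite; feeding the firewall's own ping capture instead yields no missing entry, matching the working case in the post.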