View Single Post
  #3   (View Single Post)  
Old 28th January 2013
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,904

Start simple
First try to get a simple ping working from the laptop to that webserver. I never really used OpenVPN so it will need some adjustments, but I hope you get the idea.

int_if = re0
ext_if = lo2 # just for testing on my single NIC machine

vpn_laptop =
www_server =

# --- default policy
# prevent pollution of our pflog0 with NTP packets
block quick inet proto udp from any to any port ntp
block log all


# --- NAT rule 
match out inet from ! egress to any  nat-to egress

pass out quick on $ext_if tagged PING  

# allow incoming SSH
pass in quick on $int_if inet proto tcp from $vpn_laptop to $int_if  port ssh

# allow incoming ping and tag it!
pass in quick on $int_if inet  proto icmp from $vpn_laptop to $www_server icmp-type echoreq  tag PING
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote