View Single Post
  #3   (View Single Post)  
Old 28th January 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,904
Default

Start simple
First try to get a simple ping working from the laptop to that webserver. I never really used OpenVPN so it will need some adjustments, but I hope you get the idea.

Code:
int_if = re0
ext_if = lo2 # just for testing on my single NIC machine

vpn_laptop = 10.8.0.34
www_server = 10.7.1.2

# --- default policy
# prevent pollution of our pflog0 with NTP packets
block quick inet proto udp from any to any port ntp
block log all

# --- EXTERNAL INTERFACE

# --- NAT rule 
match out inet from ! egress to any  nat-to egress

pass out quick on $ext_if tagged PING  

# --- INTERNAL INTERFACE
# allow incoming SSH
pass in quick on $int_if inet proto tcp from $vpn_laptop to $int_if  port ssh

# allow incoming ping and tag it!
pass in quick on $int_if inet  proto icmp from $vpn_laptop to $www_server icmp-type echoreq  tag PING
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote