Old 15th March 2011
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,975

On the other side is a ethernet interface fxp0 which connects to a dsl box and from there to the internet. The IP for fxp0 is assigned via dhcp from the dsl box within a different subnet than ne3. This is internal_interface_2 in pf rules.

OpenVPN is realized through tun0 interface. This is the "external" interface in pf rules.
This is confusing.

Most people would call the fxp0 interface external, because it faces the public Internet. All interfaces connected to the internal LAN are called internal interfaces. In your case ne3 and athn0.

I only wanted to know whether you were using an OpenVPN service provider or running an OpenVPN server on your firewall/server.

If OpenVPN works for the clients on the wired LAN (those connected to the ne3 NIC), then I don't understand why the OpenVPN clients on the wireless LAN (athn0 interface) have problems connecting.

One possible issue could be that both wireless and OpenVPN use the 10/? net.
From your previously posted info:
10.0.x.x/24 are the IPs for vpn.
$ grep tun0 netstat.sws 
0/1                10.0.x.x           UGS        0     2562     -     8 tun0 
10.0.x.x/32        10.0.x.x           UGS        0        0     -     8 tun0 
10.0.x.x           10.0.x.x           UH         3        0     -     4 tun0 
128/1              10.0.x.x           UGS        0     2049     -     8 tun0
So the question is which prefix size does the network have?
One simple way would be to use something like the 10.88.0.0/16 network for athn0.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
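A quick way to answer the prefix-size question raised above, as an added example that is not part of J65nko's post: the script parses the tun0 lines of BSD `netstat -rn` output (the 10.0.8.x values are constructed placeholders for the redacted 10.0.x.x) and reports which tunnel routes a proposed athn0 subnet would overlap.

```python
import ipaddress

# Constructed sample of BSD "netstat -rn" output filtered to tun0, in the same
# shape as the post. The post redacts the VPN addresses as 10.0.x.x; 10.0.8.x
# is a placeholder for whatever subnet the OpenVPN server actually hands out.
NETSTAT_TUN0 = """\
0/1                10.0.8.5           UGS        0     2562     -     8 tun0
10.0.8.1/32        10.0.8.5           UGS        0        0     -     8 tun0
10.0.8.5           10.0.8.5           UH         3        0     -     4 tun0
128/1              10.0.8.5           UGS        0     2049     -     8 tun0
"""

def expand_bsd_prefix(dest):
    """Turn a BSD netstat destination into a full IPv4 network.

    BSD abbreviates destinations: "0/1" is 0.0.0.0/1, "128/1" is 128.0.0.0/1,
    "10.0.8/24" is 10.0.8.0/24, and a bare address without a prefix length is
    a host route (/32).
    """
    if "/" in dest:
        addr, plen = dest.split("/", 1)
    else:
        addr, plen = dest, "32"
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))          # pad missing trailing octets
    return ipaddress.IPv4Network(".".join(octets) + "/" + plen, strict=False)

def tun_routes(netstat_text, ifname="tun0"):
    """Collect the destination prefix of every route that leaves via ifname."""
    routes = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 8 and fields[-1] == ifname:
            routes.append(expand_bsd_prefix(fields[0]))
    return routes

def overlapping_routes(candidate, routes):
    """Return the tunnel routes (as strings) that overlap a proposed LAN prefix.

    The two /1 routes (0/1 and 128/1) are OpenVPN's redirect-gateway trick and
    overlap everything by design, so they are skipped; what matters is a clash
    with the tunnel's own subnet or host routes.
    """
    cand = ipaddress.IPv4Network(candidate, strict=False)
    return [str(r) for r in routes if r.prefixlen > 1 and r.overlaps(cand)]

if __name__ == "__main__":
    routes = tun_routes(NETSTAT_TUN0)
    for lan in ("10.0.8.0/24", "10.0.0.0/16", "10.88.0.0/16"):
        clash = overlapping_routes(lan, routes)
        print(lan, "clashes with", clash if clash else "nothing")
```

Feed it the real `netstat -rn | grep tun0` output and the subnet you intend to put on athn0; an empty result means the wireless LAN and the tunnel no longer compete for the same prefix.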