On Wed, Jun 24, 2009 at 11:43 AM, Torsten Kersandt <[email protected]> wrote:
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Fire walls
> Sent: 24 June 2009 16:53
> To: [email protected]
> Subject: OpenVPN Client Nat question?
>
> Hi people.
>
> Working with pf, every day I'm understanding more pf.
>
> I have openvpn at work running on gentoo, I add my openvpn in my home FW
> with freebsd 7.2, I setup everything and is working, I can reach my work
> network.
>
> I read some sites on internet about this setup and they say something
> about NAT the openvpn network but doesn't explain if this must be done just
> in the server side or both sides, I mean server + client.
>
> In my case I'm a client, I have to NAT my vpn network?
>
> nat on $ext_if from $vpn_network to any -> ($ext_if)
>
> Or just need to play with the pass/block rules?
>
> Thanks all for your time!!!
>
> --
> :-)
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "[email protected]"
>
> This is what I have got on my boxes
> Openvpn.conf:
> server 10.12.215.0 255.255.255.0
> ifconfig-pool-persist /usr/local/etc/openvpn/ipp.txt
>
> # Certificates for VPN Authentication
> ca /usr/local/etc/openvpn/keys/soundnet/ca.crt
> cert /usr/local/etc/openvpn/keys/soundnet/ca.crt
> key /usr/local/etc/openvpn/keys/soundnet/ca.key
> dh /usr/local/etc/openvpn/keys/soundnet/dh1024.pem
>
> # Routes to push to the client
> push "route 192.168.100.0 255.255.255.0"
> push "dhcp-option WINS 192.168.100.12"
> push "dhcp-option DNS 192.168.100.12"
> push "dhcp-option DNS 192.168.100.12"
> push "dhcp-option DOMAIN home"
>
> pf.conf
> vpn_if="tun0"
> vpn_network="10.12.215.0/24"
>
> nat on $ext_if from $vpn_network to any -> ($ext_if)
> nat on $int_if from $vpn_network to $int_net -> ($int_if)
>
> pass in quick on $vpn_if
> pass out quick
>
> regards
> Torsten
>

Hi Torsten.

Hey, but this config is for the server side, right?
The question is, do I have to NAT too on the client side?

Thanks for your quick answer!!!

--
:-)
