On 06.03.2013 11:38, Brent Clark wrote:
Hi guys

I'm struggling with a FreeBSD VM that I have, which I use for a VPN connection from my workstation to my home LAN. And I was wondering if someone could peer review me and my problem.

OpenVPN is working beautifully, i.e. I can connect to some services (Apache etc.) that I run directly on my FreeBSD / OpenVPN VM.

What I'm now trying to achieve is that I can connect to other VMs / machines on my home LAN.

I'm using tun for my VPN, and my pf.conf looks like so (please see the nat on ...)

[root@freebsd /usr/home/bclark]# cat  /etc/pf.conf
ext_if="re0"
vpn_if="tun0"
int_net="10.0.0.0/24"
vpn_net="192.168.200.0/24"
set skip on lo0
set optimization normal
#set block-policy drop
set limit { states 20000, frags 10000, src-nodes 20000 }
# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all
# Translation: specify how addresses are to be mapped or redirected.
# NAT rules
# enabling NAT currently breaks policy based routing
#nat on $ext_if from { $int_net, $vpn_net } to any -> ($ext_if)
#nat on tun0 from { 192.168.200.0/24 } to any -> (re0)
nat on re0 from { 192.168.200.0/24 } to any -> (re0)

table <sshguard> persist
block in quick on re0 proto tcp from <sshguard> to any port ssh label "ssh brute"

What am I missing?

If anyone could assist, it would be appreciated.

Kind Regards
Brent Clark


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Is "sysctl net.inet.ip.forwarding=1"?
http://www.freebsd.org/doc/handbook/network-natd.html
Have you set your route for the 10.8.x.x subnet to your VPN host?
Otherwise all your traffic will go to your default gateway, and when there is no route, it will go out to the internet.
Run a test with tcpdump and ping to see where your traffic is going.

Regards
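
The routing point raised in the reply, as an added example that is not part of the original thread: a longest-prefix-match lookup over a LAN host's routing table shows where a reply addressed to a VPN client is sent, with and without a route for the VPN subnet. The LAN host's table, the default gateway 10.0.0.1, the VPN VM's LAN address 10.0.0.10 and the client address 192.168.200.6 are constructed assumptions; only the two subnets come from the posted pf.conf.

```python
import ipaddress

def next_hop(routes, dst):
    """Return the gateway of the most specific route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gateway)
    return best[1] if best else None

def replies_reach_vpn_host(routes, vpn_net, vpn_host):
    """True if every address in vpn_net is routed to vpn_host by this table."""
    network = ipaddress.ip_network(vpn_net)
    # Checking the first and last address is enough when routes are whole prefixes
    # no longer than vpn_net; a more specific route inside vpn_net would need a full scan.
    probes = (network.network_address + 1, network.broadcast_address - 1)
    return all(next_hop(routes, str(p)) == vpn_host for p in probes)

# Constructed routing table of a machine on the home LAN (assumption).
LAN_HOST_ROUTES = [
    ("0.0.0.0/0", "10.0.0.1"),     # default gateway (assumed address)
    ("10.0.0.0/24", "on-link"),    # int_net from the posted pf.conf
]
VPN_NET = "192.168.200.0/24"       # vpn_net from the posted pf.conf
VPN_HOST = "10.0.0.10"             # LAN address of the OpenVPN VM (assumed)
VPN_CLIENT = "192.168.200.6"       # a connected VPN client (assumed)

# Same table after adding a route for the VPN subnet via the VPN VM.
FIXED_ROUTES = LAN_HOST_ROUTES + [(VPN_NET, VPN_HOST)]

if __name__ == "__main__":
    print("without route:", next_hop(LAN_HOST_ROUTES, VPN_CLIENT))
    print("with route:   ", next_hop(FIXED_ROUTES, VPN_CLIENT))
    print("replies reach VPN host:", replies_reach_vpn_host(FIXED_ROUTES, VPN_NET, VPN_HOST))
```

If the lookup returns the default gateway, a tcpdump on the VPN VM would show the echo request leaving toward the LAN host but no reply coming back through it.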