On 11.03.2013 20:13, Michael Sierchio wrote:
Are you pushing routes in your server.conf file?

(hint - show, don't tell)

- M

On Wed, Mar 6, 2013 at 2:38 AM, Brent Clark <brentgclarkl...@gmail.com> wrote:
Hi guys

I'm struggling with a FreeBSD VM that I have, which I use for a VPN connection
from my workstation to my home LAN, and I was wondering if someone
could peer review me and my problem.

OpenVPN is working beautifully, i.e. I can connect to some services (Apache
etc.) that I run directly on my FreeBSD / OpenVPN VM.

What I'm now trying to achieve is to be able to connect to other VMs / machines
on my home LAN.

I'm using tun for my VPN, and my pf.conf looks like so (please see the nat on
...)

[root@freebsd /usr/home/bclark]# cat  /etc/pf.conf
ext_if="re0"
vpn_if="tun0"
int_net="10.0.0.0/24"
vpn_net="192.168.200.0/24"
set skip on lo0
set optimization normal
#set block-policy drop
set limit { states 20000, frags 10000, src-nodes 20000 }
# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all
# Translation: specify how addresses are to be mapped or redirected.
# NAT rules
# enabling NAT currently breaks policy based routing
#nat on $ext_if from { $int_net, $vpn_net } to any -> ($ext_if)
#nat on tun0 from { 192.168.200.0/24 } to any -> (re0)
nat on re0 from { 192.168.200.0/24 } to any -> (re0)

table <sshguard> persist
block in quick on re0 proto tcp from <sshguard> to any port ssh label "ssh brute"

What am I missing?

If anyone could assist, it would be appreciated.

Kind Regards
Brent Clark


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

For your own network, yes. You must route all of your traffic that is destined for your other LAN/subnet.
Every VPN connection must be routed correctly, regardless of which VPN is used.
Otherwise that traffic will go out loose through the internet.

I connect several subnets with OpenVPN, and every subnet must be configured with "ccd" (a subfolder containing a file named after the certificate name, whose content is "iroute subnet", to tell OpenVPN that when client xyz connects,
the subnet is behind it) and in server.conf. Otherwise these subnets won't be routed correctly.
You can also add this route manually through its OpenVPN gateway.

To show it:
server.conf: look for "client-config-dir /usr/local/.../ccd" in server.conf and insert your subnet:
route 192.168.x.x 255.255.255.0

Create a file named after the certificate name under /usr/local/etc/openvpn/config/<your connect-name>/ccd/ and insert:
iroute 192.168.x.x 255.255.255.0
Look in /var/log/openvpn.log for the right certificate name.

Every time this certificate/client connects, traffic for that subnet will be routed through it.

Don't forget to restart openvpn. ;)
*Sorry, my English is not so good*
Regards
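The following is an added example, not code from either poster or from the OpenVPN project. It lays out in a scratch directory the server.conf / ccd structure the reply above describes (a "route" line in server.conf paired with an "iroute" line in the ccd file named after the client certificate), alongside the push "route" for the LAN behind the server that Michael's hint points at, and then checks that every route/iroute pair is complete. The subnets 192.168.50.0/24 and 192.168.60.0/24, the certificate name "laptop-brent", and the scratch paths are invented for illustration; the script reads config files only and does not touch a running OpenVPN.

```shell
#!/bin/sh
# Added example (not from the thread): build the server.conf / ccd layout
# described above in a scratch directory, then check that every client-side
# subnet is declared in BOTH places. OpenVPN needs
#   route  <net> <mask>   in server.conf   (kernel route into the tunnel)
#   iroute <net> <mask>   in ccd/<cert CN>  (which client owns that subnet)
# A "route" without an "iroute" is dropped inside OpenVPN; an "iroute" without
# a "route" never receives packets from the kernel. The LAN behind the server
# (Brent's 10.0.0.0/24) only needs a push "route" plus IP forwarding on the
# FreeBSD box (sysctl net.inet.ip.forwarding=1, gateway_enable="YES" in
# rc.conf). Subnets, paths and the CN "laptop-brent" are invented.

# write_example_config DIR: create the constructed config under DIR.
write_example_config() {
    dir="$1"
    mkdir -p "$dir/ccd"
    cat > "$dir/server.conf" <<'EOF'
dev tun
server 192.168.200.0 255.255.255.0
# LAN behind the server: pushed to every connecting client
push "route 10.0.0.0 255.255.255.0"
# LANs behind particular clients: route here AND iroute in ccd/<CN>
client-config-dir /usr/local/etc/openvpn/ccd
route 192.168.50.0 255.255.255.0
route 192.168.60.0 255.255.255.0
EOF
    # ccd file named after the client certificate's CN
    cat > "$dir/ccd/laptop-brent" <<'EOF'
iroute 192.168.50.0 255.255.255.0
EOF
}

# has_iroute DIR NET MASK: exit 0 if some ccd file claims NET/MASK.
has_iroute() {
    awk -v n="$2" -v m="$3" '$1=="iroute" && $2==n && $3==m {f=1} END {exit !f}' "$1"/ccd/*
}

# has_route DIR NET MASK: exit 0 if server.conf routes NET/MASK into the tunnel
# (a plain "route" directive, not a push "route ..." meant for the clients).
has_route() {
    awk -v n="$2" -v m="$3" '$1=="route" && $2==n && $3==m {f=1} END {exit !f}' "$1/server.conf"
}

# count_route_mismatches DIR: print the number of route/iroute pairs missing
# their other half, with one warning per problem on stderr.
count_route_mismatches() {
    dir="$1"
    bad=0
    for r in $(awk '$1=="route" {print $2 "/" $3}' "$dir/server.conf"); do
        net=${r%/*}; mask=${r#*/}
        if ! has_iroute "$dir" "$net" "$mask"; then
            echo "route $net $mask has no iroute in any ccd file (which client owns it?)" >&2
            bad=$((bad + 1))
        fi
    done
    for r in $(awk '$1=="iroute" {print $2 "/" $3}' "$dir"/ccd/*); do
        net=${r%/*}; mask=${r#*/}
        if ! has_route "$dir" "$net" "$mask"; then
            echo "iroute $net $mask has no matching route in server.conf" >&2
            bad=$((bad + 1))
        fi
    done
    echo "$bad"
}

# With no arguments, demonstrate against the constructed layout (one mismatch:
# 192.168.60.0/24 is routed but no ccd file claims it). Pass a real OpenVPN
# config directory (containing server.conf and ccd/) to check a live setup.
if [ $# -eq 0 ]; then
    d=$(mktemp -d)
    write_example_config "$d"
    echo "mismatches in example config: $(count_route_mismatches "$d")"
    rm -r "$d"
else
    echo "mismatches in $1: $(count_route_mismatches "$1")"
fi
```

The check is deliberately file-based so it can run before restarting OpenVPN: a typo in the ccd filename (it must match the certificate CN exactly, which is why the reply says to read it from the log) shows up as a route with no owner, which is the same symptom as forgetting the iroute entirely.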