I'm running OpenBSD on eight machines here, from version 4.6 on one of
them and version 4.9 and 5.0 on the rest, so I am quite used to
different PF syntax. That being said: I have really only limited
understanding of "routing tables" and other "heavy" technical stuff, but
I'm stubborn and usually get along without having to bother people with
too many stupid questions. But this time I'm lost...


Below is my (somewhat simplified) pf.conf:

ext = "url0"
int = "bge0"
wap = "acx0"  # wireless access point
vpn = "tun0"
match out           on  $ext inet from !($ext) to any nat-to ($ext:0)
block     log           all
pass  out           on  $ext
pass                on  $wap proto icmp all icmp-type 8 keep state
pass      log       on  $wap proto udp from any to any port 1194 keep state
pass      log quick on  {lo,$int,$vpn}
antispoof     quick for {lo,$int,$wap,$vpn}


My guess is that the problem has got something to do with routing. Here
is "route show" from the server:

Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            c01A05AC1.dhcp.blu UGS        3    23562     -     8 url0 
loopback           localhost          UGRS       0        0 33196     8 lo0  
localhost          localhost          UH         2       86 33196     4 lo0  
192.168.2/24       link#5             UC         1        0     -     4 acx0 
192.168.2.200      00:16:ea:b3:65:d0  UHLc       1      976     -     4 acx0 
192.168.3/24       link#2             UC         3        0     -     4 bge0 
192.168.3.1        00:14:c2:e1:ad:6f  UHLc       0       16     -     4 lo0  
192.168.3.101      fe:e1:ba:d0:d3:63  UHLc       0      147     -     4 bge0 
192.168.3.106      00:1e:4f:95:19:1d  UHLc       2    45224     -     4 bge0 
c00A05AC1.dhcp.blu link#6             UC         2        0     -     4 url0 
c01A05AC1.dhcp.blu 00:90:1a:42:6d:81  UHLc       2      133     -     4 url0 
c96A45AC1.dhcp.blu localhost          UGHS       0        0 33196     8 lo0  
c5FAC5AC1.dhcp.blu 00:90:1a:42:6d:81  UHLc       0        4     -     4 url0 
BASE-ADDRESS.MCAST localhost          URS        0        0 33196     8 lo0  

But I also guess that I'm neither describing my problem very well, nor
asking the right questions. Links to foolproof HOWTO's will be much
appreciated!

Regards,
Erling


On Thu, Dec 15, 2011 at 08:27:13AM -0500, Kenneth R Westerback wrote:
> On Thu, Dec 15, 2011 at 03:59:29AM +0100, Erling Westenvik wrote:
> > On Wed, Dec 14, 2011 at 06:28:55PM -0800, Johan Beisser wrote:
> > > On Wed, Dec 14, 2011 at 5:54 PM, Erling Westenvik
> > > <erling.westen...@gmail.com> wrote:
> > > > After upgrading (re-installing from scratch) my firewall from 4.6 (or
> > > > 4.7) to 5.0, I have not been able to get OpenVPN back working. Please
> > > > forgive me for asking here at misc but I have spent two days Googling,
> > > > reading tons of HOWTO's and trying out different solutions, but without
> > > > being able to solve the issue.
> > > 
> > > What are your current pf.conf rules? Did you check that the syntax is
> > > right? Have you checked it for errors? Have you looked at the output
> > > for pflog?
> > > 
> > > What's your current routing table? Does that look correct?
> > 
> > pf.conf should be ok. It is the same as it was under the previously
> > working setup.
> 
> Given the significant changes to pf and pf.conf syntax in recent years
> this is not a safe assumption. Not knowing exactly where you started
> from it's hard to say exactly.
> 
> .... Ken

-- 
Regards,
Erling

-- In terra pax hominibus bonae voluntatis
