I'm running OpenBSD on eight machines here, from version 4.6 on one of them and version 4.9 and 5.0 on the rest, so I am quite used to different PF syntax. That being said: I have really only limited understanding of "routing tables" and other "heavy" technical stuff, but I'm stubborn and usually get along without having to bother people with too many stupid questions. But this time I'm lost...
Below is my (somewhat simplified) pf.conf:

    ext = "url0"
    int = "bge0"
    wap = "acx0"    # "wireless access point"
    vpn = "tun0"
    match out on $ext inet from !($ext) to any nat-to ($ext:0)
    block log all
    pass out on $ext
    pass on $wap proto icmp all icmp-type 8 keep state
    pass log on $wap proto udp from any to any port 1194 keep state
    pass log quick on {lo,$int,$vpn}
    antispoof quick for {lo,$int,$wap,$vpn}

My guess is that the problem has got something to do with routing. Here is "route show" from the server:

    Destination         Gateway             Flags  Refs    Use    Mtu  Prio Iface
    default             c01A05AC1.dhcp.blu  UGS       3  23562      -     8 url0
    loopback            localhost           UGRS      0      0  33196     8 lo0
    localhost           localhost           UH        2     86  33196     4 lo0
    192.168.2/24        link#5              UC        1      0      -     4 acx0
    192.168.2.200       00:16:ea:b3:65:d0   UHLc      1    976      -     4 acx0
    192.168.3/24        link#2              UC        3      0      -     4 bge0
    192.168.3.1         00:14:c2:e1:ad:6f   UHLc      0     16      -     4 lo0
    192.168.3.101       fe:e1:ba:d0:d3:63   UHLc      0    147      -     4 bge0
    192.168.3.106       00:1e:4f:95:19:1d   UHLc      2  45224      -     4 bge0
    c00A05AC1.dhcp.blu  link#6              UC        2      0      -     4 url0
    c01A05AC1.dhcp.blu  00:90:1a:42:6d:81   UHLc      2    133      -     4 url0
    c96A45AC1.dhcp.blu  localhost           UGHS      0      0  33196     8 lo0
    c5FAC5AC1.dhcp.blu  00:90:1a:42:6d:81   UHLc      0      4      -     4 url0
    BASE-ADDRESS.MCAST  localhost           URS       0      0  33196     8 lo0

But I also guess that I'm neither describing my problem very well, nor asking the right questions. Links to foolproof HOWTOs will be much appreciated!

Regards,
Erling

On Thu, Dec 15, 2011 at 08:27:13AM -0500, Kenneth R Westerback wrote:
> On Thu, Dec 15, 2011 at 03:59:29AM +0100, Erling Westenvik wrote:
> > On Wed, Dec 14, 2011 at 06:28:55PM -0800, Johan Beisser wrote:
> > > On Wed, Dec 14, 2011 at 5:54 PM, Erling Westenvik
> > > <erling.westen...@gmail.com> wrote:
> > > > After upgrading (re-installing from scratch) my firewall from 4.6 (or
> > > > 4.7) to 5.0, I have not been able to get OpenVPN back working. Please
> > > > forgive me for asking here at misc but I have spent two days Googling,
> > > > reading tons of HOWTOs and trying out different solutions, but without
> > > > being able to solve the issue.
> > >
> > > What are your current pf.conf rules? Did you check that the syntax is
> > > right? Have you checked it for errors? Have you looked at the output
> > > for pflog?
> > >
> > > What's your current routing table? Does that look correct?
> >
> > pf.conf should be ok. It is the same as it was under the previously
> > working setup.
>
> Given the significant changes to pf and pf.conf syntax in recent years
> this is not a safe assumption. Not knowing exactly where you started
> from it's hard to say exactly.
>
> .... Ken

--
Regards,
Erling
--
In terra pax hominibus bonae voluntatis