Hello,

I've set up a VPN in order to connect two clients. Each client runs the same
piece of software, communicating over UDP. Initial discovery is made by
sending broadcasts; unfortunately, the packets being sent don't contain the
correct VPN source address, but their local network's address. The answer
packets therefore never reach the VPN and are being delivered to the clients'
local nets respectively.

related pf rules:

pass in on tun0 route-to tun1 from any to 255.255.255.255
pass in on tun1 route-to tun0 from any to 255.255.255.255


# ifconfig tun

tun0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1400
       inet 192.168.10.1 --> 192.168.10.3 netmask 0xffffffff
tun1: flags=8111<UP,POINTOPOINT,MULTICAST> mtu 1400
       inet 192.168.10.1 --> 192.168.10.10 netmask 0xffffffff


# tcpdump -n -i tun0

19:57:47.527179 192.168.0.2.3754 > 255.255.255.255.22000:  udp 8
19:57:47.527458 192.168.0.2.3754 > 255.255.255.255.22001:  udp 8
19:57:47.527669 192.168.0.2.3754 > 255.255.255.255.22002:  udp 8

Now the only rule (that I know of) rewriting source addresses is nat, but I
neither need to keep state, nor does it work with broadcasts. Is it possible
with pf to just rewrite the source address of an incoming packet to
tunx:peer so answers will actually go where they are meant to?

Edgar
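The diagnosis in the post (broadcasts arriving on the tunnel carrying a LAN source address rather than the tunnel peer's address) can be checked mechanically from the two outputs quoted above. The script below is an added example, not part of the original mail or of pf; it parses the `ifconfig tun` and `tcpdump -n` output formats shown in the post (both embedded here as constructed sample input copied from the mail) and reports every broadcast seen on a tun interface whose source is neither tunnel endpoint, i.e. every packet whose reply would be routed to the client's local net instead of back through the VPN. The interface name, the address pairs and the `expected_src` field are taken from or derived from the post's own output; nothing about pf's actual rewriting behaviour is assumed.

```python
import re

# Constructed sample input: the ifconfig and tcpdump output quoted in the post.
IFCONFIG_OUTPUT = """\
tun0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1400
       inet 192.168.10.1 --> 192.168.10.3 netmask 0xffffffff
tun1: flags=8111<UP,POINTOPOINT,MULTICAST> mtu 1400
       inet 192.168.10.1 --> 192.168.10.10 netmask 0xffffffff
"""

TCPDUMP_OUTPUT = """\
19:57:47.527179 192.168.0.2.3754 > 255.255.255.255.22000:  udp 8
19:57:47.527458 192.168.0.2.3754 > 255.255.255.255.22001:  udp 8
19:57:47.527669 192.168.0.2.3754 > 255.255.255.255.22002:  udp 8
"""

IFACE_RE = re.compile(r"^(\w+): flags=")
INET_RE = re.compile(r"^\s+inet (\d+\.\d+\.\d+\.\d+) --> (\d+\.\d+\.\d+\.\d+) netmask")
# 'tcpdump -n' UDP line: <timestamp> <src>.<sport> > <dst>.<dport>:  udp <len>
PKT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+udp (?P<len>\d+)"
)


def parse_ifconfig(text):
    """Map each point-to-point tun interface to its (local, peer) address pair."""
    tunnels = {}
    current = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = INET_RE.match(line)
        if m and current:
            tunnels[current] = (m.group(1), m.group(2))
    return tunnels


def parse_tcpdump(text):
    """Parse 'tcpdump -n' UDP lines into dicts; lines in any other format are skipped."""
    packets = []
    for line in text.splitlines():
        m = PKT_RE.match(line)
        if m:
            pkt = m.groupdict()
            for key in ("sport", "dport", "len"):
                pkt[key] = int(pkt[key])
            packets.append(pkt)
    return packets


def find_leaking_broadcasts(iface, ifconfig_text, tcpdump_text):
    """Return broadcasts captured on `iface` whose source is neither tunnel endpoint.

    A reply to such a packet is addressed to the foreign source (here the
    client's LAN address), so it is delivered to the local net rather than
    sent back through the tunnel.
    """
    local, peer = parse_ifconfig(ifconfig_text)[iface]
    endpoints = {local, peer}
    findings = []
    for pkt in parse_tcpdump(tcpdump_text):
        if pkt["dst"] == "255.255.255.255" and pkt["src"] not in endpoints:
            findings.append({
                "iface": iface,
                "src": pkt["src"],
                "dport": pkt["dport"],
                # The tunnel peer address is what the post wants the source rewritten to.
                "expected_src": peer,
            })
    return findings


if __name__ == "__main__":
    for f in find_leaking_broadcasts("tun0", IFCONFIG_OUTPUT, TCPDUMP_OUTPUT):
        print(f"{f['iface']}: broadcast to port {f['dport']} from {f['src']} "
              f"(not a tunnel endpoint; replies go to {f['src']} "
              f"instead of {f['expected_src']})")
```

Run against the post's capture it flags all three discovery broadcasts, each with source 192.168.0.2 and expected source 192.168.10.3 (tun0's peer). Feeding it a live `tcpdump -n -i tun0` capture after any pf change is a quick way to confirm whether the source addresses on the tunnel side actually changed.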
