Hi Simen. Then 10.0.8.1 and 10.0.8.2 are allocated by openvpn server and
in the client are 10.0.8.6 and 10.0.8.5
they appear in ifconfig of tun0 on client and server side in this form:
10.0.8.1 - 10.0.8.2
10.0.8.6 - 10.0.8.5
My purpose is to study VPN with openvpn and I've not a remote place
Hi list! I'm setting up a vpn between two OpenBSD firewalls:
This is the scenario:
FW1 FW2
$ext 192.168.1.33 $ext 192.168.1.2
$int 10.1.1.1 $int 192.168.7.1
$host 10.1.3.53
On Mon, Jan 25, 2010 at 5:45 AM, Alessandro Baggi
alessandro.ba...@gmail.com wrote:
Hi list! I'm setting up a vpn between two OpenBSD firewalls:
This is the scenario:
FW1 FW2
$ext 192.168.1.33 $ext 192.168.1.2
$int 10.1.1.1
On Mon, Jan 25, 2010 at 10:05 AM, Alessandro Baggi
alessandro.ba...@gmail.com wrote:
Johan Beisser wrote:
Hi Johan. Thanks for the answer. I've reduced my pf.conf on client and
server side to:
ext=rl0
int=rl1
nat on $ext from $int:network -> $ext:0
nat on tun0 from $int:network -> tun0:0
Johan Beisser wrote:
On Mon, Jan 25, 2010 at 5:45 AM, Alessandro Baggi
alessandro.ba...@gmail.com wrote:
Hi list! I'm setting up a vpn between two OpenBSD firewalls:
This is the scenario:
FW1 FW2
$ext 192.168.1.33 $ext 192.168.1.2
Johan Beisser wrote:
On Mon, Jan 25, 2010 at 10:05 AM, Alessandro Baggi
alessandro.ba...@gmail.com wrote:
Johan Beisser wrote:
Hi Johan. Thanks for the answer. I've reduced my pf.conf on client and
server side to:
ext=rl0
int=rl1
nat on $ext from $int:network -> $ext:0
nat on
and...
do you have the routing table for some of the hosts that can/cannot ping
each other?
Are there other gateways out of the networks, other than the openvpn box?
S.
Alessandro Baggi wrote:
Johan Beisser wrote:
On Mon, Jan 25, 2010 at 10:05 AM, Alessandro Baggi
Simen Stavdal wrote:
and...
do you have the routing table for some of the hosts that can/cannot
ping each other?
Are there other gateways out of the networks, other than the openvpn box?
S.
I'm trying openvpn in my internal network:
Simen Stavdal wrote:
Hello Alessandro,
Can you see any of the traffic on the inside LAN on the client side
with tcpdump?
I.e set tcpdump on $int with
tcpdump -i nameofinternalinterface proto icmp
and then try to ping from a server?
Silly suggestion, but
What about client side
Hello Alessandro,
Can you see any of the traffic on the inside LAN on the client side with
tcpdump?
I.e set tcpdump on $int with
tcpdump -i nameofinternalinterface proto icmp
and then try to ping from a server?
Silly suggestion, but
What about client side firewalls? Do they allow to be
Ciao Alessandro,
So, from the server, the client gets allocated 10.0.8.5/32
(btw, probably a minor thing, but in your server conf file, you have a
mismatch on the host/mask when you push the routes- it reads
push route 10.1.1.1 255.255.0.0 while it should read 10.1.0.0)
(doesn't seem to
Hi list again,
Sorry for the delayed reply, I was away :)
My problem was solved by adding:
pass quick on tun0
to my /etc/pf.conf
Thanks Mark Rolen
Update. With help from the mailing list, both of my problems have
been solved. The first problem was the same as the original
poster. To reiterate, the problems were:
1. On startup, pf would not allow any packets through on tun0.
Thus openvpn would not work. The temporary fix was to ssh
I do have an /etc/hostname.tun0 file that I created manually with
touch.
What is the theory of openvpn being the problem source? Obviously
openvpn started up correctly or I would have to do more to fix the
problem than merely running pfctl -f /etc/pf.conf. :-) Thanks for
the pfctl -sr
* jean-philippe luiggi [EMAIL PROTECTED] [2007-07-20 03:04]:
I'm perhaps wrong but I think the interface must exist before loading
any rules which use it.
yes, you are almost wrong.
--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP -
Mark Rolen [EMAIL PROTECTED] wrote:
I had the same symptom, where I'd have to manually reload my pf rules
after a reboot to get OpenVPN traffic to flow. Using tcpdump showed
that pf was blocking all the traffic on my tun interfaces although I had
a set skip rule for them.
Here are my pf
[EMAIL PROTECTED] wrote:
Does this point to a problem with set skip on { lo, tun0 }? I
will try your suggestion to see if it works (pass quick on { tun0
tun1 }), but I dislike using quick in my rules.
I added up to my /etc/hostname.tun0 to see if that worked based
on one of the suggestions
On Fri, 20 Jul 2007 09:46:41 -0700 Mark Rolen [EMAIL PROTECTED]
wrote:
Using the pass quick on tun0 rule somewhere at the top of your rules
should work for you, let me know if not.
I made the following two changes to my pf.conf and this fixed the
problem.
#set skip on { lo, tun0 }
pass
Hi list,
I'm having a weird problem with my openvpn install and pf.
I start vpn and connect to it from client computers with no problems,
but I can't access any computers on internal lan. Then I issue pfctl -f
/etc/pf.conf and everything starts to work. So my rc.local script is:
---
if [
I have the same problem. I was going to post this question too
along with another question.
When I first boot up my OpenBSD 4.1 server, I cannot access my
OpenVPN wireless connection. I can access ssh wirelessly though.
So what I do is login via ssh and run pfctl -f /etc/pf.conf. Now
On Thu, 19 Jul 2007 15:06:55 -0700
[EMAIL PROTECTED] spake:
I have the same problem. I was going to post this question too
along with another question.
When I first boot up my OpenBSD 4.1 server, I cannot access my
OpenVPN wireless connection. I can access ssh wirelessly though.
On Thu July 19 2007 5:12:58 pm Bill wrote:
On Thu, 19 Jul 2007 15:06:55 -0700
[EMAIL PROTECTED] spake:
I have the same problem. I was going to post this question too
along with another question.
When I first boot up my OpenBSD 4.1 server, I cannot access my
OpenVPN wireless
I had the same symptom, where I'd have to manually reload my pf rules
after a reboot to get OpenVPN traffic to flow. Using tcpdump showed
that pf was blocking all the traffic on my tun interfaces although I had
a set skip rule for them.
I may not be completely right here, but I believe pf
Hello,
I'm perhaps wrong but I think the interface must exist before loading
any rules which use it.
Best regards,
Jean-philippe.
On Thu, 19 Jul 2007 10:47:31 +0300
Tomas [EMAIL PROTECTED] wrote:
Hi list,
I'm having a weird problem with my openvpn install and pf.
I start vpn and connect