Hi
I've been trying to configure a personal WireGuard VPN on a FreeBSD machine. Everything works until I try to configure my PF firewall. Without PF, I can connect and my IP address is changed. Here is my configuration:
Code:
set skip on lo0
scrub in all
#nat
nat on vtnet0 from 10.0.0.0/24 to any -> (vtnet0)
#rules
block in all
pass out all keep state
pass in proto tcp from any to any port ssh keep state
pass in proto {udp,tcp} from 10.0.0.0/24 to 10.0.0.1 port 11111 keep state
pass in proto {udp,tcp} from 10.0.0.0/24 to vtnet0 keep state
I'm trying to filter all ports except SSH (it's on the Internet) and the VPN tunnel port. When using tcpdump on my VPN interface, I can see the client packets going through. For example, when I try "nslookup google.com", I can see the request going through, but no response is given back. What am I doing wrong? Thanks for your help.
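For comparison, here is an added pf.conf (not the poster's own config) that keeps the same default-deny policy but adds the rule the post is missing: an explicit pass-in rule on the tunnel interface for forwarded client traffic. It assumes the WireGuard interface is named wg0, that 11111 is the WireGuard listen port, and that vtnet0 and 10.0.0.0/24 are the external interface and tunnel subnet from the post.

```pf
# Added example config, not the original post's. Assumed names:
# wg0 = WireGuard interface, 11111 = its UDP listen port.
ext_if  = "vtnet0"
wg_if   = "wg0"
wg_net  = "10.0.0.0/24"
wg_port = "11111"

set skip on lo0
scrub in all

# Translation rules must precede filter rules in pf.conf.
# Hide tunnel clients behind the external address.
nat on $ext_if from $wg_net to any -> ($ext_if)

# Default deny inbound; outbound and replies are tracked by state.
block in all
pass out all keep state

# SSH from the Internet, only on the external interface.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state

# WireGuard is UDP only. The handshake and transport packets arrive on
# the external interface from each client's public address, so the
# source must be "any", not the tunnel subnet.
pass in on $ext_if proto udp from any to ($ext_if) port $wg_port keep state

# Decrypted client traffic enters on wg0 and must be allowed in before
# it can be forwarded and NATed out. The posted rule only matched
# packets addressed to vtnet0 itself, so DNS and web traffic bound for
# the Internet was dropped by "block in all" (tcpdump still shows it,
# because it captures before PF filters).
pass in on $wg_if from $wg_net to any keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and confirm IP forwarding is enabled (gateway_enable="YES" in rc.conf), since the pass rule alone does not route the packets.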