Whenever I start my OpenVPN (mullvad) my NAT stops working, i.e. no traffic gets through from my client to the internet. I can ping both sides from the FreeBSD router. I can ping the inside from my client machine, i.e. the interface it's connected to on the FreeBSD router. I can also ping my ISP's default gateway from my client machine. I have tried with pf rules allowing all traffic and logging but that doesn't seem to be the issue.
So the topology looks like this:
My machine (it's only a single machine at the moment but more hardware will be coming) <----> FreeBSD router <----> OpenVPN endpoint or ISP gateway.
Here's netstat -rn without VPN running. I have obfuscated the IPs so 'Myispnetwork' is equivalent to the first three octets in a routable IP. These are the same three octets in this case:
Code:
Internet:
Destination           Gateway            Flags  Refs        Use  Netif Expire
default               Myispsnetwork.193  UGS       0  167566097    em0
Myispsnetwork.192/27  link#1             U         0       5919    em0
Myispsnetwork.194     link#1             UHS       0          0    lo0
127.0.0.1             link#4             UH        0     993647    lo0
172.16.0.0/24         link#2             U         0  154928084   igb0
172.16.0.3            link#2             UHS       0          0    lo0
This is netstat -rn with my VPN running:
Code:
Destination           Gateway            Flags  Refs        Use  Netif Expire
0.0.0.0/1             10.8.0.73          UGS       0         85   tun0 =>
default               Myispnetwork.193   UGS       0  167566549    em0
10.8.0.1/32           10.8.0.73          UGS       0          0   tun0
10.8.0.73             link#6             UH        0          0   tun0
10.8.0.74             link#6             UHS       0          0    lo0
Myispnetwork.192/27   link#1             U         0       5930    em0
Myispnetwork.194      link#1             UHS       0          0    lo0
95.211.136.21/32      94.137.110.193     UGS       0       2272    em0
127.0.0.1             link#4             UH        0     998624    lo0
128.0.0.0/1           10.8.0.73          UGS       0          9   tun0
172.16.0.0/24         link#2             U         0  154930115   igb0
172.16.0.3            link#2             UHS       0          0    lo0
Here's my mullvad.conf (i.e. openvpn.conf):
Code:
client
dev tun
proto udp
remote nl.mullvad.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
remote-cert-tls server
ping-exit 60
script-security 2
up /usr/local/etc/openvpn/update-resolv-conf
down /usr/local/etc/openvpn/update-resolv-conf
ping 10
ca ca.crt
cert mullvad.crt
key mullvad.key
crl-verify crl.pem
The up and down script (same script):
Code:
#!/usr/local/bin/bash
# Update resolv.conf with the DNS options pushed by the OpenVPN server.
[ -x /sbin/resolvconf ] || exit 0

case $script_type in
up)
    # Walk every foreign_option_N variable exported by OpenVPN.
    for optionname in ${!foreign_option_*} ; do
        option="${!optionname}"
        echo $option
        part1=$(echo "$option" | cut -d " " -f 1)
        if [ "$part1" == "dhcp-option" ] ; then
            part2=$(echo "$option" | cut -d " " -f 2)
            part3=$(echo "$option" | cut -d " " -f 3)
            if [ "$part2" == "DNS" ] ; then
                IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
            fi
            if [ "$part2" == "DOMAIN" ] ; then
                IF_DNS_SEARCH="$part3"
            fi
        fi
    done
    # Build the resolv.conf fragment, one directive per line.
    R=""
    if [ "$IF_DNS_SEARCH" ] ; then
        R="${R}search $IF_DNS_SEARCH"$'\n'
    fi
    for NS in $IF_DNS_NAMESERVERS ; do
        R="${R}nameserver $NS"$'\n'
    done
    echo -n "$R" | /sbin/resolvconf -a "${dev}.inet"
    ;;
down)
    /sbin/resolvconf -d "${dev}.inet"
    cp /usr/local/etc/openvpn/resolv.bak /etc/resolv.conf
    ;;
esac

# Runs on both up and down: take the last matching field from the ifconfig
# output and install it as the default route in FIB 1.
IP=$(/sbin/ifconfig | grep -E 'inet.[0-9]' | grep -v 'tun0' | awk '{ print $4}' | tail -1)
/usr/sbin/setfib 1 /sbin/route add default $IP
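As an added illustration (not part of the original post), the Python below replays the kernel's longest-prefix lookup over the two routing tables above: with the VPN up, the 0.0.0.0/1 and 128.0.0.0/1 routes beat the default, so every internet-bound packet leaves via tun0 and a pf nat rule written against em0 never sees it. It assumes the obfuscated 'Myispnetwork' prefix is 203.0.113 and uses 198.51.100.7 as a constructed public address to probe with.

```python
import ipaddress
# Constructed sample data: the two routing tables from the post, with the
# obfuscated "Myispnetwork" prefix replaced by 203.0.113 (an assumption).
ROUTES_NO_VPN = """\
default 203.0.113.193 UGS 0 167566097 em0
203.0.113.192/27 link#1 U 0 5919 em0
203.0.113.194 link#1 UHS 0 0 lo0
127.0.0.1 link#4 UH 0 993647 lo0
172.16.0.0/24 link#2 U 0 154928084 igb0
172.16.0.3 link#2 UHS 0 0 lo0
"""
ROUTES_VPN = """\
0.0.0.0/1 10.8.0.73 UGS 0 85 tun0 =>
default 203.0.113.193 UGS 0 167566549 em0
10.8.0.1/32 10.8.0.73 UGS 0 0 tun0
10.8.0.73 link#6 UH 0 0 tun0
10.8.0.74 link#6 UHS 0 0 lo0
203.0.113.192/27 link#1 U 0 5930 em0
203.0.113.194 link#1 UHS 0 0 lo0
95.211.136.21/32 203.0.113.193 UGS 0 2272 em0
127.0.0.1 link#4 UH 0 998624 lo0
128.0.0.0/1 10.8.0.73 UGS 0 9 tun0
172.16.0.0/24 link#2 U 0 154930115 igb0
172.16.0.3 link#2 UHS 0 0 lo0
"""

def parse_routes(text):
    """Return (network, netif) pairs from netstat -rn style lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:          # skip headers and blank lines
            continue
        dest = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        routes.append((ipaddress.ip_network(dest, strict=False), parts[5]))
    return routes

def egress_interface(routes, dst):
    """Longest-prefix match, as the kernel does it: a /1 beats the default."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return best[1]

def nat_rule(routes, lan_net, probe="198.51.100.7"):
    """pf nat rule matching the interface internet-bound LAN traffic really uses."""
    ifc = egress_interface(routes, probe)   # probe: constructed public address
    return f"nat on {ifc} from {lan_net} to any -> ({ifc})"
```

Calling `nat_rule(parse_routes(ROUTES_VPN), "172.16.0.0/24")` yields a rule on tun0, while the same call on `ROUTES_NO_VPN` yields one on em0; a ruleset that only NATs on em0 therefore stops translating the moment the VPN is up.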