Hi guys,
So I have pf all set up in rc.conf and also this line in pf.conf:
Code:
nat on $wanint inet from $vpnclients to any -> $wanint
OpenVPN is also set up nicely under 10.8.0.0/24. I have several sites connecting to this VPN server (hub and spoke) and they're all under the same subnet. I have no problems connecting client-to-client. But I don't need the clients connecting to the internet via the server; they have their own internet connections.
I am having trouble SSH-ing into the server via the VPN. I see my IP hitting the server on tcpdump and pflog, but it just times out. My suspicion is that it doesn't know how to return the traffic back to me on the 10.8.0.0 network. I have my pf.conf configured not to block any traffic for now.
When I ping my host from the server, I get these:
Code:
36 bytes from localhost (127.0.0.1): Time to live exceeded
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 5c14   0 0000  01  01 0000 127.0.0.1  10.8.0.10
This is my netstat routing table:
Code:
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            128.199.192.1      UGS      vtnet0
10.8.0.0/24        10.8.0.1           UGS         lo0
10.8.0.1           link#5             UHS         lo0
10.8.0.2           link#5             UH         tun0
10.15.0.0/16       link#1             U        vtnet0
10.15.0.6          link#1             UHS         lo0
127.0.0.1          link#3             UH          lo0
128.199.192.0/18   link#1             U        vtnet0
128.199.204.114    link#1             UHS         lo0
I have another similar server that uses IPFW and natd, which I set up for testing, and that works nicely; its routing table appears as this:
Code:
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            188.166.176.1      UGS      vtnet0
10.8.0.0/24        10.8.0.1           UGS        tun0
10.8.0.1           link#4             UHS         lo0
10.8.0.2           link#4             UH         tun0
10.15.0.0/16       link#1             U        vtnet0
10.15.0.5          link#1             UHS         lo0
127.0.0.1          link#3             UH          lo0
188.166.176.0/20   link#1             U        vtnet0
188.166.184.27     link#1             UHS         lo0
Any idea how I can get a similar routing table with pf, or anything else that could be wrong?
Thanks.
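The two routing tables in the post differ in one line: on the pf box the 10.8.0.0/24 prefix route sits on lo0, on the working natd box it sits on tun0. A prefix route on lo0 hands every packet for that subnet back to the local stack, which is consistent with the "Time to live exceeded" replies from 127.0.0.1 seen when pinging 10.8.0.10. The script below is an added example, not code from the post or from OpenVPN/pf: it scans `netstat -rn` output for prefix routes bound to lo0 and flags them, while leaving alone the UH/UHS host routes for the machine's own addresses, which are normally on lo0. Both sample tables are copies of the ones in the post, embedded here so the check runs offline.

```shell
#!/bin/sh
# Added example: flag network (prefix) routes that are bound to lo0 in
# FreeBSD `netstat -rn` output. Host routes (UH/UHS) for local addresses
# legitimately live on lo0 and are not reported.

# Constructed sample: routing table of the pf/OpenVPN server from the post.
BROKEN_TABLE='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            128.199.192.1      UGS      vtnet0
10.8.0.0/24        10.8.0.1           UGS         lo0
10.8.0.1           link#5             UHS         lo0
10.8.0.2           link#5             UH         tun0
10.15.0.0/16       link#1             U        vtnet0
10.15.0.6          link#1             UHS         lo0
127.0.0.1          link#3             UH          lo0
128.199.192.0/18   link#1             U        vtnet0
128.199.204.114    link#1             UHS         lo0'

# Constructed sample: routing table of the working IPFW/natd server.
WORKING_TABLE='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            188.166.176.1      UGS      vtnet0
10.8.0.0/24        10.8.0.1           UGS        tun0
10.8.0.1           link#4             UHS         lo0
10.8.0.2           link#4             UH         tun0
10.15.0.0/16       link#1             U        vtnet0
10.15.0.5          link#1             UHS         lo0
127.0.0.1          link#3             UH          lo0
188.166.176.0/20   link#1             U        vtnet0
188.166.184.27     link#1             UHS         lo0'

# Reads netstat -rn output on stdin and prints one flagged destination per
# line: a prefix route (destination contains "/"), outside 127.0.0.0/8, whose
# Netif column is lo0. Prints nothing when the table looks healthy.
lo0_network_routes() {
    awk '
        # Route lines have at least 4 columns (Destination Gateway Flags Netif);
        # the section titles and the column header line are skipped.
        NF >= 4 && $1 != "Destination" {
            dest = $1; netif = $4
            if (netif == "lo0" && index(dest, "/") > 0 && dest !~ /^127\./)
                print dest
        }'
}

# Convenience wrapper: exit 0 if a table has no prefix routes on lo0, else 1.
table_is_clean() {
    [ -z "$(lo0_network_routes)" ]
}

# Stand-alone run: report on both captured tables.
# On a live box use:  netstat -rn | lo0_network_routes
for name in BROKEN_TABLE WORKING_TABLE; do
    eval "table=\$$name"
    flagged=$(printf '%s\n' "$table" | lo0_network_routes)
    if [ -n "$flagged" ]; then
        echo "$name: prefix route(s) on lo0: $flagged"
    else
        echo "$name: no prefix routes on lo0"
    fi
done
```

When the check reports a prefix, compare its Netif with the interface the VPN daemon actually owns (tun0 in the post); the working box shows what the entry should look like. The check is deliberately narrow: it says nothing about pf or nat, only whether the kernel would ever forward packets for that prefix out of a real interface.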