I am back with old question new server. I realize IPFW is kind of old and semi useless but so am I.
I am trying, once again, to get the ability to use OpenVPN to ssh to the server and also redirect the desktop internet through the OpenVPN to the internet.
Results of ifconfig:
Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
        ether 00:13:8f:e5:e4:15
        inet 209.160.65.133 netmask 0xfffff800 broadcast 209.160.71.255
        inet 209.160.68.112 netmask 0xffffffff broadcast 209.160.68.112
        media: Ethernet autoselect (10baseT/UTP <full-duplex>)
        status: active
rl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:18:e7:08:27:dd
        media: Ethernet autoselect
        status: no carrier
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffffff
        Opened by PID 4345
tap0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether 00:bd:ae:f1:11:00
My server.conf for OpenVPN is:
Code:
user root
port 1194
proto udp
dev tun
push "redirect-gateway def1 bypass-dhcp"
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key
dh /usr/local/etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
route 10.8.0.2 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth /usr/local/etc/openvpn/keys/ta.key 0 # This file is secret
cipher BF-CBC # Blowfish (default)
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn.log
verb 9
mute 10
My rc.conf is:
Code:
defaultrouter="209.160.64.1"
hostname="tuna.theoceanwindow-bv.com"
ifconfig_re0="inet 209.160.65.133 netmask 0xfffff800"
ifconfig_re0_alias="inet 209.160.68.112 netmask 0xffffffff"
linux_enable="YES"
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
firewall_logging="YES"
sshd_enable="YES"
webmin_enable="YES"
mysql_enable="YES"
apache22_enable="YES"
named_enable="YES"
gateway_enable="YES"
openvpn_if="tap"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
clamsmtpd_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_milter_enable="YES"
dovecot_enable="YES"
ntpd_enable="YES"
inetd_enable="YES"
amavisd_enable="YES"
natd_enable="YES"
natd_interface="re0"
winbindd_enable="YES"
#postgrey_enable="YES"
#postgrey_pidfile="/var/run/postgrey.pid"
#postgrey_flags="--pidfile=${postgrey_pidfile} --inet=127.0.0.1:6000 -d
samba_enable="YES"
proftpd_enable="YES"
#ftpd_enable="YES"
squid_enable="YES"
sshd_enable="YES"
I am trying to add IPFW rules by hand based on an earlier suggestion in this forum from @varda but when I try either
ipfw nat 1 config if re0
or
ipfw nat 1 config ip 209.160.68.112
or
ipfw nat 1 config ip 209.160.65.133
I get
Code:
ipfw: setsockopt(IP_FW_NAT_CFG): Invalid argument
I have Googled and can't find much which isn't in Russian. Any idea how I messed up this time?