hey,
I turned firewall, I was trying many configurations with pf/nat, but it doesn't work.
I think I have read the whole internet to solve my problem, but I can't understand what is going on.
I have configured OpenVPN like others. I can connect from my laptop to the server, but I can't go further. I can't do anything more, for example view a website.
My connection from laptop client looks good:
Code:
....
Sun Feb 18 00:35:58 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Feb 18 00:35:58 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Feb 18 00:35:58 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Feb 18 00:35:58 2018 ROUTE_GATEWAY 192.168.8.1/255.255.255.0 IFACE=wlan0 HWADDR=a4:34:d9:46:c0:44
Sun Feb 18 00:35:58 2018 TUN/TAP device tun0 opened
Sun Feb 18 00:35:58 2018 TUN/TAP TX queue length set to 100
Sun Feb 18 00:35:58 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Feb 18 00:35:58 2018 /sbin/ip link set dev tun0 up mtu 1500
Sun Feb 18 00:35:58 2018 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Sun Feb 18 00:35:58 2018 /sbin/ip route add 91.121.78.120/32 via 192.168.8.1
Sun Feb 18 00:35:58 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Sun Feb 18 00:35:58 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Sun Feb 18 00:35:58 2018 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Sun Feb 18 00:35:58 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Feb 18 00:35:58 2018 Initialization Sequence Completed
Code:
bryn1u@laptop:~$ ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=186 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=83.a8 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=155 ms
rc.conf
Code:
gateway_enable="YES"
openvpn_enable="YES"
openvpn_if="tun"
tcpdump
Code:
root@BSD:~ # tcpdump -i em0 -n -l port 1194
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:30:25.751745 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 64
00:30:25.851860 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:26.091831 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:26.871860 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:27.131810 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:28.898794 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:29.151858 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:29.691867 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:31.530315 IP 46.215.82.205.35467 > 91.121.78.120.1194: UDP, length 54
00:30:32.131735 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 76
00:30:33.011802 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:33.251820 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:33.271735 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:34.271837 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:34.811817 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:34.818691 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:35.896143 IP 91.121.78.120.1194 > 46.215.82.205.32848: UDP, length 37 - 1)
00:30:36.211897 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 64
00:30:36.291780 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:40.431782 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:41.211750 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:41.471936 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:44.711958 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:44.971849 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:45.711854 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:45.711971 IP 91.121.78.120.1194 > 46.215.82.205.32848: UDP, length 37 - 2)
00:30:45.731934 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:45.971966 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
It looks like packets are going only in one direction except those 2 (huraa !).
I used some similar ipfw nat rules to these and it worked for a while:
It's only an example.
Code:
ipfw nat 1 config if epair0b
ipfw add nat 1 all from 10.8.0.0/24 to any out via epair0b
ipfw add nat 1 all from any to any in via epair0b
Can someone tell me what is going on with this? Why can't I use normal routing? What am I doing wrong?
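
Added example, not part of the original post: a short Python script that tallies `tcpdump -n` output per direction, so the one-way pattern described above becomes a measurable ratio. The names `summarize` and `reply_ratio` belong to this example only; the sample lines are an excerpt of the capture quoted in the post.

```python
import re

# One-line `tcpdump -n` UDP record, e.g.
# 00:30:25.751745 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 64
RECORD = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length (\d+)"
)

# Excerpt of the capture quoted in the post (the author's "- 1)" marker kept).
SAMPLE = """\
00:30:34.811817 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:34.818691 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
00:30:35.896143 IP 91.121.78.120.1194 > 46.215.82.205.32848: UDP, length 37 - 1)
00:30:36.211897 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 64
00:30:36.291780 IP 46.215.82.205.32848 > 91.121.78.120.1194: UDP, length 84
"""


def summarize(capture, server_ip, server_port=1194):
    """Count packets and UDP payload bytes per direction relative to the server."""
    stats = {d: {"packets": 0, "bytes": 0}
             for d in ("to_server", "from_server", "other")}
    for line in capture.splitlines():
        m = RECORD.match(line.strip())
        if m is None:
            continue  # banner lines, truncated records, non-UDP traffic
        src, sport, dst, dport, length = m.groups()
        if (dst, int(dport)) == (server_ip, server_port):
            direction = "to_server"
        elif (src, int(sport)) == (server_ip, server_port):
            direction = "from_server"
        else:
            direction = "other"
        stats[direction]["packets"] += 1
        stats[direction]["bytes"] += int(length)
    return stats


def reply_ratio(stats):
    """Server replies per client packet; None when no client packet was seen."""
    sent = stats["to_server"]["packets"]
    return stats["from_server"]["packets"] / sent if sent else None


if __name__ == "__main__":
    result = summarize(SAMPLE, "91.121.78.120")
    for direction, counters in result.items():
        print(f"{direction:12} {counters['packets']:3} packets {counters['bytes']:5} bytes")
    print("reply ratio:", reply_ratio(result))
```

The capture filter `port 1194` on em0 shows only the encrypted OpenVPN transport, so these counts describe the tunnel itself and not the forwarded traffic carried inside it.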