Hi,
I have a VPS running FreeBSD which I want to use as a VPN gateway to the Internet when on the road using public WiFi. I have set up OpenVPN and PF to my best knowledge, but routing just won't work. I can connect clients to the server, ping also works, but I do not get a route to the Internet. Could someone shed some light on my mistakes? The server has a public WAN IP assigned by DHCP (here "1.2.3.4"). The client to test is in a 192.168.0.0/24 subnet. The client receives 10.8.0.6 as IP and 10.8.0.5 as gateway which obviously does not work. I am using the following configuration:
Code:
#/usr/local/etc/openvpn/server.conf
port 1194
daemon
mode server
proto udp
dev tun0
tls-server
ca /usr/local/etc/ssl-admin/active/ca.crt
cert /usr/local/etc/ssl-admin/active/potemkin.crt
key /usr/local/etc/ssl-admin/active/potemkin.key
dh /usr/local/etc/ssl-admin/active/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
keepalive 10 60
ping-timer-rem
persist-tun
# Log
mute 3
verb 3
log /var/log/openvpn
status /var/log/openvpn-status
Code:
#/etc/rc.conf
ifconfig_re0="DHCP"
sshd_enable="YES"
gateway_enable="YES"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
Code:
#/etc/pf.conf
if="re0"
vpn_if="tun0"
vpn_net = "10.8.0.0/24"
icmp_types = "echoreq"
open_tcp = "{ 1194,22}"
open_udp = "{ 1194, 22 }"
# wan ip
ip = 1.2.3.4
set block-policy drop
set skip on lo0
set limit { states 10000, frags 5000 }
set loginterface re0
set optimization normal
set require-order yes
set fingerprints "/etc/pf.os"
set ruleset-optimization basic
scrub in all fragment reassemble random-id
nat on $if from $vpn_net to any -> $ip
block log all
block return
antispoof quick for $if
pass in quick proto udp from any to port 1194 keep state label "openvpn"
# Pass stuff on the VPN interface
pass quick on $vpn_if keep state
pass in on $if proto tcp from any to any port 22 keep state
pass in on $if proto tcp from any to any port $open_tcp keep state
pass in on $if proto udp from any to any port $open_udp keep state
pass out quick all keep state
pass in on $if inet proto icmp all icmp-type $icmp_types keep state
pass in on $if inet proto udp from any to any port 33433 >< 33626 keep state
As stated before, connecting works. The server answers pings on the VPN IP.
I found a couple of tutorials on the web but none of them seem to fit my requirements. Any help would be really appreciated.
Ben
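Added example, not part of Ben's post: the two pieces a full-tunnel (gateway) setup needs that the posted configuration does not have. In the posted server.conf nothing pushes a default route to the client, so only 10.8.0.0/24 and 192.168.0.0/24 traffic ever enters the tunnel; the 10.8.0.6/10.8.0.5 pair itself is normal for OpenVPN's net30 topology and is not the fault. Interface name, addresses and ports are taken from the post; the DNS line is an assumption.

```conf
# --- /usr/local/etc/openvpn/server.conf (relevant lines) ---
server 10.8.0.0 255.255.255.0
# The post pushes the client's own LAN (192.168.0.0/24) back to the client,
# which adds nothing for a gateway setup. What the client needs is a default
# route through the tunnel. "def1" installs 0.0.0.0/1 and 128.0.0.0/1 instead
# of replacing 0.0.0.0/0, so the client's original default route (needed to
# reach the VPS itself) stays intact.
push "redirect-gateway def1"
# Optional: hand out a resolver too, otherwise name lookups still leave via
# the public WiFi's DNS. Assumption: a resolver is reachable at this address
# from inside the tunnel; any resolver the VPS can reach works.
push "dhcp-option DNS 10.8.0.1"
# Optional: one address per client instead of a /30 per client
# (then the client gets e.g. 10.8.0.2 with gateway 10.8.0.1).
;topology subnet

# --- /etc/pf.conf (relevant lines) ---
if      = "re0"
vpn_if  = "tun0"
vpn_net = "10.8.0.0/24"
# ($if) in parentheses is resolved to the interface's current address when
# the rule is evaluated, so a new DHCP lease on re0 cannot leave NAT pointed
# at a stale hard-coded $ip as in the posted "-> $ip" rule.
nat on $if from $vpn_net to any -> ($if)
# Packets still only cross from tun0 to re0 if forwarding is on;
# gateway_enable="YES" in rc.conf sets it at boot. Verify with:
#   sysctl net.inet.ip.forwarding     (must be 1)
#   pfctl -s nat                      (NAT rule loaded)
#   pfctl -s state | grep 10.8.0      (translated states while a client browses)
pass in quick on $if proto udp from any to ($if) port 1194 keep state
pass quick on $vpn_if keep state
pass out quick on $if keep state
```

With `redirect-gateway def1` pushed, a client's `netstat -rn` (or `route print`) should show 0.0.0.0/1 and 128.0.0.0/1 via the tunnel endpoint, and `pfctl -s state` on the VPS should show states from 10.8.0.x rewritten to the re0 address.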