I have an L2TP over IPsec VPN server with an Internet connection, running FreeBSD 10, set up as described at http://wiki.stocksy.co.uk/wiki/L2TP_VPN_in_FreeBSD. I can connect to it, and when I do, I can ping all the devices in the VPN by the IP address assigned by the VPN server. My problem is that I cannot access Internet resources through the VPN.
After three days of troubleshooting, I believe something is wrong with NAT. When I connected to the VPN, I tried to ping 8.8.8.8. In the meantime, I ran `tcpdump icmp and host 8.8.8.8` on the VPN server, whose IP address in the VPN is 10.0.0.1.
There was no response from 8.8.8.8, so the ping requests timed out.
Could this be a problem with my NAT configuration? Routable packets should use the external IP address of the VPN server as their source address, but they carry my private IP address 10.0.0.150 instead.
I cannot tell what is wrong with my pf.conf. Can anyone help me? I feel a little desperate. x(
Code:
# tcpdump icmp and host 8.8.8.8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:35:36.438601 IP 10.0.0.150 > google-public-dns-a.google.com: ICMP echo request, id 49764, seq 0, length 64
12:35:37.451196 IP 10.0.0.150 > google-public-dns-a.google.com: ICMP echo request, id 49764, seq 1, length 64
12:35:38.456786 IP 10.0.0.150 > google-public-dns-a.google.com: ICMP echo request, id 49764, seq 2, length 64
12:35:39.455780 IP 10.0.0.150 > google-public-dns-a.google.com: ICMP echo request, id 49764, seq 3, length 64
12:35:40.459273 IP 10.0.0.150 > google-public-dns-a.google.com: ICMP echo request, id 49764, seq 4, length 64
Code:
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Code:
# /etc/pf.conf
ext_if="vtnet0"          # external (Internet-facing) interface
wan=$ext_if:network      # defined here but not used by the rule below
lan="10.0.0.0/8"         # address range handed out to VPN clients
# translate traffic from VPN clients to the external interface's address
nat on $ext_if from $lan to any -> ($ext_if)
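A small check for the symptom described in the post, added here as an example that is not part of the original thread: it scans tcpdump output taken on the external interface and lists Internet-bound packets whose source is still an RFC 1918 address, which is exactly what the capture above shows for 10.0.0.150. The sample capture lines and the 203.0.113.10 external address are constructed; only the 10.0.0.0/8 range comes from the post.

```python
import ipaddress
import re

# Constructed sample in the same shape as the tcpdump output quoted in the post,
# captured on the external interface while a VPN client pinged 8.8.8.8.
# The first two requests leave with the client's private address (the symptom);
# the third was translated to the (constructed) external address and gets a reply.
SAMPLE_CAPTURE = """\
12:35:36.438601 IP 10.0.0.150 > google-public-dns-a.google.com: ICMP echo request, id 49764, seq 0, length 64
12:35:37.451196 IP 10.0.0.150 > google-public-dns-a.google.com: ICMP echo request, id 49764, seq 1, length 64
12:35:38.456786 IP 203.0.113.10 > google-public-dns-a.google.com: ICMP echo request, id 49765, seq 0, length 64
12:35:38.470000 IP google-public-dns-a.google.com > 203.0.113.10: ICMP echo reply, id 49765, seq 0, length 64
"""

# Matches "<time> IP <src> > <dst>: ..." as printed by tcpdump (hostnames resolved, no -n).
LINE_RE = re.compile(r"^(?P<ts>\S+) IP6? (?P<src>[^ ]+) > (?P<dst>[^ :]+):")

# The private ranges a NAT rule on the external interface must never let through.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def strip_port(endpoint: str) -> str:
    """tcpdump appends '.<port>' to TCP/UDP endpoints; drop it for dotted-quad IPv4."""
    parts = endpoint.split(".")
    if len(parts) == 5 and all(p.isdigit() for p in parts):
        return ".".join(parts[:4])
    return endpoint


def is_rfc1918(addr: str) -> bool:
    """True for an RFC 1918 IPv4 address; hostnames and public addresses are False."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # a resolved hostname such as google-public-dns-a.google.com
        return False
    return any(ip in net for net in RFC1918)


def untranslated_packets(capture: str) -> list[tuple[str, str, str]]:
    """Return (timestamp, src, dst) for each packet that is headed to a non-private
    destination but still carries a private source: on the external interface this
    means NAT did not rewrite it, so no reply can ever find its way back."""
    hits = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, dst = strip_port(m.group("src")), strip_port(m.group("dst"))
        if is_rfc1918(src) and not is_rfc1918(dst):
            hits.append((m.group("ts"), src, dst))
    return hits


if __name__ == "__main__":
    for ts, src, dst in untranslated_packets(SAMPLE_CAPTURE):
        print(f"{ts}: {src} -> {dst} left the external interface untranslated")
```

Feed it the real capture with `tcpdump -i vtnet0 ... | python3 check_nat.py` style piping (reading stdin instead of SAMPLE_CAPTURE); an empty result means the NAT rule is rewriting sources and the fault lies elsewhere.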