Hi!
I have a pretty straightforward route I want to do with pf + openvpn, but somehow I cannot get it working. I have been scratching my head for 3 hours now and I am feeling I am going to give myself a facepalm when receiving the answer here.
So here it goes:
We have an office in Sweden and a server in Norway; they are connected together with openvpn on the range 10.0.2.0/24.
For your information:
- Both servers have FreeBSD 8.2 with pf compiled in the kernel
- I do have gateway enabled on both servers.
- The server in Norway has IP 10.0.2.6 on the VPN and is fully accessible from anywhere on the Swedish network.
In Sweden the office has a LAN on 10.0.0.0/24. Now, I have no problem routing traffic going to 10.0.2.0/24 to the VPN. This has easily been solved with this line on the Swedish firewall:
Code:
nat on $server_vpn_if from $int_if:network to any -> ($server_vpn_if)
(Meaning I have no problem running ping/ssh or whatever to 10.0.2.6)
Now, I want to route all traffic on port 80 from a desktop on the LAN in Sweden with the ip 10.0.0.50 (I am just trying out with port 80 for test purposes).
I thought this was done with this configuration:
Sweden
Code:
pass in quick on $int_if route-to ($server_vpn_if 10.0.2.6) proto tcp from 10.0.0.50 to any port { 80 } keep state
Norway
Code:
nat on $ext_if from $vpn_if to any -> ($ext_if)
But apparently not. I have tried a bunch of other rules too but have not been able to come up with a working pair.
Anyone have any pointers or how to debug this? Any help is appreciated as I am really stuck now.