PF Share my vpn with network

Hello

I would like to be able to access the internet from my bhyve VM (Arch Linux).
As it stands, in the VM I can ping www.google.fr and it works.
On the other hand, if I open Firefox and type google.fr, nothing is displayed in Firefox.


Thanking you
Sincerely
D. Castellacci


Here is my network:
Router
192.168.0.1 --> internet

PC #1 (my vpn is launched here)
192.168.0.100 ue0
192.168.8.1 re0
10.5.0.2 wg1 --> VPN

PC #2
192.168.8.2 igc0
192.168.10.1 bridge0 (tap0, tap1, tap2)

VM Bhyve
192.168.10.18 enp0s5




My pf.conf on PC #1:
nat on wg1 from { 192.168.8.0/24, 192.168.10.0/24 } to any -> (wg1)
nat on re0 from { 192.168.8.0/24, 192.168.10.0/24 } to any -> (re0)
nat on ue0 from { 192.168.8.0/24, 192.168.10.0/24 } to any -> (ue0)

block all
pass on { wg1, ue0, re0, lo0 } to any




My routing table on PC #1:
Routing tables

Internet:
Destination Gateway Flags Netif Expire
0.0.0.0/1 link#4 US wg1
default 192.168.0.1 UGS ue0
10.5.0.0/24 link#4 U wg1
10.5.0.2 link#2 UHS lo0
46.182.7.90 192.168.0.1 UGHS ue0
127.0.0.1 link#2 UH lo0
128.0.0.0/1 link#4 US wg1
192.168.0.0/24 link#3 U ue0
192.168.0.100 link#2 UHS lo0
192.168.8.0/24 link#1 U re0
192.168.8.1 link#2 UHS lo0
192.168.10.0/24 192.168.8.2 UGS re0






My pf.conf on PC #2:
nat on igc0 from { 192.168.8.0/24, 192.168.10.0/24 } to any -> (igc0)

block all
pass on { igc0, lo0 } to any
pass on { bridge0, tap2, tap1, tap0 } to any


My routing table on PC #2:

Routing tables

Internet:
Destination Gateway Flags Netif Expire
default 192.168.8.1 UGS igc0
127.0.0.1 link#2 UH lo0
192.168.8.0/24 link#1 U igc0
192.168.8.2 link#2 UHS lo0
192.168.10.0/24 link#6 U bridge0
192.168.10.1 link#2 UHS lo0



Thanking you
Sincerely
D. Castellacci
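
How PC #1's routing table above selects an egress interface, as an added example that is not part of the original post: the most specific matching route wins, so the two /1 routes on wg1 override `default` for internet destinations, and forwarded VM traffic leaves through wg1, which is where the `nat on wg1` rule is evaluated. The function names are hypothetical, and 1.1.1.1 and 203.0.113.10 are constructed sample destinations.

```python
import ipaddress

# Routing table of PC #1, copied from the post above (Expire column is empty).
PC1_ROUTES = """\
0.0.0.0/1 link#4 US wg1
default 192.168.0.1 UGS ue0
10.5.0.0/24 link#4 U wg1
10.5.0.2 link#2 UHS lo0
46.182.7.90 192.168.0.1 UGHS ue0
127.0.0.1 link#2 UH lo0
128.0.0.0/1 link#4 US wg1
192.168.0.0/24 link#3 U ue0
192.168.0.100 link#2 UHS lo0
192.168.8.0/24 link#1 U re0
192.168.8.1 link#2 UHS lo0
192.168.10.0/24 192.168.8.2 UGS re0
"""

def parse_routes(text):
    """Turn 'Destination Gateway Flags Netif' lines into (network, gateway, netif)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        dest, gateway, _flags, netif = fields[:4]
        if dest == "default":
            dest = "0.0.0.0/0"
        # A bare address (no /len) is a host route and parses as a /32.
        routes.append((ipaddress.ip_network(dest, strict=False), gateway, netif))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the matching route with the longest mask wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)

def egress_interface(routes, addr):
    return lookup(routes, addr)[2]

if __name__ == "__main__":
    routes = parse_routes(PC1_ROUTES)
    # Constructed destinations plus two addresses taken from the post.
    for dst in ("1.1.1.1", "203.0.113.10", "46.182.7.90", "192.168.10.18"):
        net, gw, netif = lookup(routes, dst)
        print(f"{dst:15} -> {netif:4} via {gw:12} (matched {net})")
```

Replies to the VM (192.168.10.18) match the static 192.168.10.0/24 route and return through re0 towards PC #2, while the host route for 46.182.7.90 is the only internet destination that still uses ue0.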
 
Good morning
So I managed to share my VPN (OpenVPN) without problems.

On the other hand, I was not able to share my VPN (WireGuard).

With WireGuard the ping works: from my 2nd PC I can ping www.google.fr and it works, but if I use a browser such as Firefox, it does not work on the 2nd PC.

With WireGuard everything works on the first PC, but I haven't been able to share it.

So

Here is the pf conf on the 1st PC

$ sudo more /etc/pf.conf | grep -v "^#"
nat on wg1 from re0:network to any -> (wg1)
nat on tun0 from re0:network to any -> (tun0)
nat on { ue0, re0, lo0 } from any to any -> (ue0) --> local network
nat on { ue0, re0, lo0 } from any to any -> (re0) --> local network
block all
pass quick on { ue0, re0, lo0 } --> local network
pass out all keep state
pass in on wg1 from any to any keep state
pass in on tun0 from any to any keep state

Thank you
 